Balancer Hacked for Over $100 Million — Forked Projects Also Under Attack

Security company @HashDit has just given a breaking news statement that Balancer, one of the top exchanges and liquidity protocols in the decentralized world has been hacked out of more than 100 million dollars. It was also launched against forked projects including @beets_fi (Beethoven X) and @berachain, which caused concern among most of the DeFi community.

🚨 HashDit BREAKING Alert@Balancer has been compromised for >$100M worth of funds now. Several forked projects like @beets_fi and @berachain have also been targeted.

Based on our scans, no notable BNBchain projects have been affected at the moment, but any forked projects… pic.twitter.com/d4RQzwImGx

— HashDit | now with Pro Extension (@HashDit) November 3, 2025

At 09:18 UTC on November 3, 2025, the incident reported. Additionally the monitoring tools of HashDit discovered three main Ethereum addresses containing a total of 117,461,646. Those were likely to belong to the attacker or wallets that had been compromised.

Scale and Breakdown of the Attack

The first blockchain data indicates that the attacker drained large sums of WETH, osETH, and wstETH, which are regularly utilized in the Balancer V2 liquidity pools.

• 0xaa76…8e3f: Approximately $100M, mostly in WETH (63.98%), osETH (26.92%), and wstETH (9%).
• Address 2 (0x827…80f4): $13.5M, diversified to ETH, osETH, and wstETH.
• 3 (0x0453…941c): about $3.7M, including primarily an unidentified token, probably a stablecoin.

The attack was on V2 smart contracts of Balancer, which controls staked ETH liquidity pools. Experts are of the view that the exploit was a smart contract logic bug through which the attacker could manage pool balances. In-herited open-source vulnerabilities of the shared codebase also impacted forked versions of Balancer, including Beats.fi (Fantom) and Berachain.

Past Violation and History.

It is not the first time Balancer experienced a breach:

• 2020: Loss of around half a million in a deflationary token exploit.
• 2023: approximately $900,000 in loss due to a pool vulnerability that was increased.
• Nevertheless, this hack is the largest by far, and thus one of the largest DeFi exploits of the year.
• As per the data presented by CoinDesk, the BAL token immediately reacted and fell by 5% several hours after the announcement.

Forked Projects Joins the Red Alert.

Some forked projects went offline after receiving a warning by HashDit. Beets.fi admitted to Discord that its pools were under review. Berachain paused temporarily the liquidity mining to research. None of the projects in the BNB Chain impacted although teams that made use of the Balancer codebase encouraged to run emergency audits.

The team of Balancer has not made an official statement as of 2:53 PM IST (09:23 UTC).
On-chain analysts are also actively monitoring the wallets of the attacker in order to trace funds. Probably, trade can freeze associated resources in case they become visible on centralized systems.

Although October recorded a reduction of 85 percent in crypto-hacks, much like other high-level exploits in the past, the current one indicates that serious threats are still ahead particularly in complex liquidity protocol.