In another major blow to the decentralized finance (DeFi) sector, hackers have successfully exploited a critical vulnerability in the Balancer protocol, stealing more than $100 million worth of crypto assets.
Balancer — a well-known DeFi platform that enables automated market-making (AMM) and liquidity pools — confirmed that the incident affected only its V2 Composable Stable Pools. The rest of its ecosystem, including Balancer V3 and legacy pools, remains unaffected and secure.
What Happened
The attack targeted Balancer’s older Composable Stable Pools, which had been active on-chain for several years. Many of these pools were beyond their “pause window” — a built-in feature that allows Balancer to temporarily halt operations during emergencies.
While pools still within the pause window were quickly taken offline, the older pools remained vulnerable. These have now been moved into recovery mode as the investigation continues.
Rapid Response and Investigation
Balancer’s team acted swiftly, collaborating with leading blockchain security researchers to assess the scope and nature of the exploit.
A full technical post-mortem report is expected once the investigation concludes. Balancer emphasized its commitment to transparency and highlighted that all its products undergo extensive third-party audits and are covered by bug bounty programs aimed at preventing such incidents.
Legal and Security Follow-Up
Legal and cybersecurity professionals are now working closely with Balancer to track down the attackers and enhance long-term user protection.
However, in the wake of the breach, scammers have begun circulating phishing messages pretending to represent the Balancer Security Team. These fraudulent communications are designed to trick users into revealing private keys or transferring funds.
Official Warning to Users
Balancer has urged users to ignore unsolicited messages, avoid clicking on unknown links, and rely solely on official communication channels — including the project’s verified X (Twitter) account and Discord server.
The team reaffirmed that no legitimate Balancer representative will ever ask for personal wallet information.
Ongoing Commitment to Security
Despite the exploit, Balancer has reassured its community that user protection and operational security remain top priorities.
The DeFi community and partner organizations have expressed strong support, working together to identify the vulnerability and implement stronger safeguards to prevent similar breaches in the future.
Cybersecurity Takeaway
The Balancer hack underscores the importance of continuous smart-contract auditing, timely protocol updates, and vigilant communication practices.
For DeFi investors and blockchain users alike, staying informed about vulnerabilities — and verifying information only through official sources — is crucial to minimizing risk in an increasingly complex Web3 landscape.
Stay safe, stay informed — and always verify before you trust.
