Balancer’s $70 million breach exposes DeFi’s fragile foundation

- The moved assets included StakeWise Staked Ether (OSETH), Wrapped Ether (WETH), and Lido wstETH (wSTETH).
- In September 2023, Balancer suffered a phishing attack that resulted in a loss of about $238,000.
- A separate August exploit drained nearly $1 million after a vulnerability was found in Balancer’s liquidity pools.
A suspected exploit involving nearly $70 million worth of digital assets has once again placed Balancer, one of Ethereum’s leading decentralised exchanges, under scrutiny.
The incident has reignited debate over the security of decentralised finance (DeFi), where transparency and automation often coexist with deep structural vulnerabilities.
It also shows how core DeFi features such as permissionless access, open-source code, and composable smart contracts can quickly turn into liabilities when targeted by skilled attackers.
For Balancer, the breach adds to a growing record of cyber incidents that are reshaping risk perceptions across digital finance and prompting calls for stronger, coordinated defences across the DeFi ecosystem.
$70 million in Ether-linked assets transferred to new wallet
Blockchain records on Etherscan show that $70.9 million in assets were moved from Balancer liquidity pools to a newly created wallet via three transactions.
Data from analytics firm Nansen identified the transferred assets as 6,850 StakeWise Staked Ether (OSETH), 6,590 Wrapped Ether (WETH), and 4,260 Lido wstETH (wSTETH).
On-chain analysts began tracking the wallet’s behaviour, observing similarities to previous DeFi drain patterns.
Blockchain security firm Cyvers reported that up to $84 million in suspicious transactions across multiple chains may be linked to Balancer.
The firm is currently analysing whether the transfers were coordinated through smart-contract vulnerabilities or carried out by an external attacker abusing inter-protocol liquidity flows.
History of attacks at Balancer
In September 2023, the protocol’s website was compromised through a domain name system (DNS) hijack that redirected users to a phishing interface.
Hackers executed malicious smart contracts designed to capture private keys and drain funds, resulting in losses of approximately $238,000, according to blockchain investigator ZachXBT.
Just a month earlier, in August, Balancer reported a stablecoin exploit that cost liquidity providers nearly $1 million.
That incident occurred shortly after the team disclosed a “critical vulnerability” affecting certain liquidity pools, which had been partially mitigated but remained exploitable in specific configurations.
The recurrence of incidents within such a short timeframe suggests that DeFi’s open-source nature, while fostering innovation, also provides attackers with an evolving blueprint to target protocol weaknesses.
These breaches demonstrate that security audits alone are insufficient without continuous on-chain monitoring and real-time risk mitigation systems.
DeFi’s security paradox
The Balancer case illustrates a paradox at the heart of decentralised finance.
By removing intermediaries, protocols achieve transparency and autonomy, while also eliminating the possibility of intervention when funds are misappropriated.
Unlike centralised exchanges that can freeze or reverse transactions, DeFi protocols operate on immutable smart contracts.
Once exploited, losses are permanent and typically unrecoverable.
This structural rigidity has drawn criticism from institutional investors who view such vulnerabilities as barriers to large-scale adoption.
In response, some DeFi projects have introduced layered defences such as decentralised insurance pools, advanced audit frameworks, and formal verification of contract code.
However, these measures remain inconsistent across the ecosystem.
Balancer’s repeated security issues may therefore serve as a case study in how liquidity incentives and composability can amplify systemic exposure.
As DeFi protocols become more interconnected through shared token standards and cross-chain bridges, a single compromised smart contract can trigger cascading financial risks across multiple platforms.