Over $116 million in crypto assets have been drained from Balancer Protocol, marking one of the most severe decentralized finance (DeFi) exploits of 2025. At approximately 9:12 AM on Monday, blockchain analytics firm Lookonchain first raised the alarm, reporting that Balancer had been exploited for $70.6 million in crypto assets. Initial data revealed that the attacker siphoned off 6,587 WETH ($24.46 million), 6,851 osETH ($26.86 million), and 4,260 wstETH (~$19.27 million) across multiple blockchains. Balancer $116M DeFi Exploit Unfolds Within just thirty minutes, Lookonchain updated that the attack was still ongoing, with total stolen funds exceeding $116 million. The scale and precision of the exploit suggest a highly coordinated and technically sophisticated operation spanning several DeFi ecosystems. As of press time, on-chain data shows the hacker’s DeBank portfolio holding around $95 million, while roughly $21 million has been distributed to various wallets, likely an early move toward obfuscating and liquidating the stolen assets.Source: DeBank The exploit has also triggered a ripple effect across Balancer-forked projects, as many associated protocols reported security breaches or precautionary withdrawals. Panic withdrawals began soon after news of the attack broke, most notably from a whale wallet (0x0090) that had been dormant for three years but suddenly withdrew $6.5 million from Balancer pools. Major DeFi Protocols Respond Major Ethereum-based protocols have been quick to respond. Lido, a leading liquid staking platform, confirmed that certain Balancer V2 pools were impacted but clarified that Lido’s core protocol and user funds remain safe. In an official statement, Lido noted: “Out of an abundance of caution, the Veda team — curators of Lido GGV — has withdrawn its unaffected Balancer position.” Meanwhile, Aave, another top DeFi lending protocol, emphasized that it remains completely unaffected. Aave explained that its Aave/stETH stkBPT pool uses a custom version of Balancer V2 that operates independently of Balancer’s vulnerable components. “The Aave protocol has no dependencies over Balancer V2 and is unaffected to the best of our knowledge,” the team stated. Unclear Root Cause and Ongoing Investigation Balancer developers have acknowledged the exploit but have not revealed the root cause or the extent of the loss. However, early signs point to a complex cross-chain exploit vector that may have targeted the protocol’s unique liquidity architecture. Moreover, today’s exploit is not the first time the Balancer protocol has faced attacks and drains from its pools. In August 2023, the protocol suffered a $2 million drain associated with a code vulnerability, and then the following month, over $900,000 was drained again across its V2 pool. Just like the recent exploit, the vulnerable assets were spread across various networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM. Growing DeFi Security Concerns Another noticeable concern about the recent crypto exploit is how it’s now spreading across every major chain aside from Ethereum. On September 8, Nemo Protocol, a decentralized finance (DeFi) yield platform operating on the Sui blockchain, fell victim to a cyberattack that resulted in $2.4 million in losses just ahead of its scheduled maintenance window. On the same day, Swiss crypto platform SwissBorg lost $41.5 million worth of Solana (SOL) tokens after hackers compromised partner API provider Kiln. Similarly, in May, Cryptonews reported that Cetus Protocol, a decentralized exchange built on the Sui blockchain, fell victim to an exploit that siphoned off more than $200 million in crypto assets. PeckShield’s latest report reveals that crypto hacks caused $127.06 million in losses in September 2025 alone, noting the continued risk of large-scale attacks on decentralized finance (DeFi) and blockchain platforms. In just the first half of 2025, crypto exploits reached $2.1 billion, nearly matching all of 2024’s total losses. Why Crypto Hacks Keep Happening When Cryptonews spoke with Mitchell Amador, founder and CEO of Immunefi, in August, he revealed that most crypto hacks happen for three major reasons, which are: Static audits: Enterprises rely on one-time checks, missing post-launch flaws in evolving smart contracts. Ignoring incentives: They underestimate Web3’s open-ledger attack appeal, needing bounties to outbid black hats. No Web3 expertise: Many teams lack prior blockchain knowledge, missing composability or oracle risksOver $116 million in crypto assets have been drained from Balancer Protocol, marking one of the most severe decentralized finance (DeFi) exploits of 2025. At approximately 9:12 AM on Monday, blockchain analytics firm Lookonchain first raised the alarm, reporting that Balancer had been exploited for $70.6 million in crypto assets. Initial data revealed that the attacker siphoned off 6,587 WETH ($24.46 million), 6,851 osETH ($26.86 million), and 4,260 wstETH (~$19.27 million) across multiple blockchains. Balancer $116M DeFi Exploit Unfolds Within just thirty minutes, Lookonchain updated that the attack was still ongoing, with total stolen funds exceeding $116 million. The scale and precision of the exploit suggest a highly coordinated and technically sophisticated operation spanning several DeFi ecosystems. As of press time, on-chain data shows the hacker’s DeBank portfolio holding around $95 million, while roughly $21 million has been distributed to various wallets, likely an early move toward obfuscating and liquidating the stolen assets.Source: DeBank The exploit has also triggered a ripple effect across Balancer-forked projects, as many associated protocols reported security breaches or precautionary withdrawals. Panic withdrawals began soon after news of the attack broke, most notably from a whale wallet (0x0090) that had been dormant for three years but suddenly withdrew $6.5 million from Balancer pools. Major DeFi Protocols Respond Major Ethereum-based protocols have been quick to respond. Lido, a leading liquid staking platform, confirmed that certain Balancer V2 pools were impacted but clarified that Lido’s core protocol and user funds remain safe. In an official statement, Lido noted: “Out of an abundance of caution, the Veda team — curators of Lido GGV — has withdrawn its unaffected Balancer position.” Meanwhile, Aave, another top DeFi lending protocol, emphasized that it remains completely unaffected. Aave explained that its Aave/stETH stkBPT pool uses a custom version of Balancer V2 that operates independently of Balancer’s vulnerable components. “The Aave protocol has no dependencies over Balancer V2 and is unaffected to the best of our knowledge,” the team stated. Unclear Root Cause and Ongoing Investigation Balancer developers have acknowledged the exploit but have not revealed the root cause or the extent of the loss. However, early signs point to a complex cross-chain exploit vector that may have targeted the protocol’s unique liquidity architecture. Moreover, today’s exploit is not the first time the Balancer protocol has faced attacks and drains from its pools. In August 2023, the protocol suffered a $2 million drain associated with a code vulnerability, and then the following month, over $900,000 was drained again across its V2 pool. Just like the recent exploit, the vulnerable assets were spread across various networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM. Growing DeFi Security Concerns Another noticeable concern about the recent crypto exploit is how it’s now spreading across every major chain aside from Ethereum. On September 8, Nemo Protocol, a decentralized finance (DeFi) yield platform operating on the Sui blockchain, fell victim to a cyberattack that resulted in $2.4 million in losses just ahead of its scheduled maintenance window. On the same day, Swiss crypto platform SwissBorg lost $41.5 million worth of Solana (SOL) tokens after hackers compromised partner API provider Kiln. Similarly, in May, Cryptonews reported that Cetus Protocol, a decentralized exchange built on the Sui blockchain, fell victim to an exploit that siphoned off more than $200 million in crypto assets. PeckShield’s latest report reveals that crypto hacks caused $127.06 million in losses in September 2025 alone, noting the continued risk of large-scale attacks on decentralized finance (DeFi) and blockchain platforms. In just the first half of 2025, crypto exploits reached $2.1 billion, nearly matching all of 2024’s total losses. Why Crypto Hacks Keep Happening When Cryptonews spoke with Mitchell Amador, founder and CEO of Immunefi, in August, he revealed that most crypto hacks happen for three major reasons, which are: Static audits: Enterprises rely on one-time checks, missing post-launch flaws in evolving smart contracts. Ignoring incentives: They underestimate Web3’s open-ledger attack appeal, needing bounties to outbid black hats. No Web3 expertise: Many teams lack prior blockchain knowledge, missing composability or oracle risks