The Balancer protocol has suffered a devastating exploit, with hackers draining more than $128 million in assets from its liquidity pools. Blockchain security firm PeckShield was the first to identify the attack, reporting a series of suspicious multi-chain transactions that point to a coordinated breach. According to Etherscan data, multiple large transfers occurred from Balancer’s main wallet to an external address. The withdrawn assets included: 6,587 WETH (~$24.5 million) 6,851 osETH (~$26.9 million) 4,260 wstETH (~$19.3 million) The combined volume suggested a compromise in the protocol’s smart contract or pool storage logic. Shortly after reports emerged, the Balancer team confirmed that the project had been hit by a potential attack. Mikko Ohtamaa, CEO of Trading Strategy, suggested that the exploit might stem from a verification error in Balancer’s smart contract logic. He noted that while not all versions appear affected, if the flaw exists in older v2 forks, total damages could exceed $110 million. Meanwhile, PeckShield reported that the attack remains active across multiple blockchains where Balancer operates. Analysts said the scope of the breach has already surpassed early estimates, with funds continuing to flow out of compromised pools. The latest data now shows total losses surpassing $128 million. Balancer, launched in 2020, operates as a decentralized exchange (DEX) and automated portfolio manager built on Ethereum. It allows users to trade tokens and supply liquidity to automatically balancing pools — a core mechanism of decentralized finance. Analysts estimate that Balancer manages over $350 million in total assets on Ethereum alone. However, following confirmation of the exploit, the BAL token dropped over 4%, reflecting market fears about liquidity loss and recurring DeFi vulnerabilities. The breach adds to a growing list of DeFi protocol hacks in 2025, further undermining investor confidence in smart contract safety. For context, the Bunni exchange recently ceased operations after a similar exploit, highlighting the persistent security risks haunting decentralized finance.