$70M Balancer Hack Exposes Fragile Foundations of DeFi

  • Moved assets included StakeWise Staked Ether (osETH), Wrapped Ether (WETH), and Lido wstETH (wstETH).
  • In September 2023, Balancer suffered a phishing attack that resulted in a loss of about $238,000.
  • A separate exploit in August 2023 drained nearly $1 million after a vulnerability was discovered in Balancer’s liquidity pools.

An alleged exploit involving nearly $70 million in digital assets has once again put Balancer, one of Ethereum’s leading decentralized exchange platforms, in the spotlight.

The incident has reignited the debate around security in decentralized finance (DeFi), where transparency and automation often coexist with deep structural vulnerabilities.

It also highlights how core DeFi features—permissionless access, open-source code, and composable smart contracts—can quickly become liabilities when targeted by skilled attackers.

For Balancer, this breach adds to a growing list of cybersecurity incidents that are reshaping perceptions of risk in digital finance and prompting calls for stronger, more coordinated defenses across the DeFi ecosystem.

$70 million in ether-related assets moved to a new wallet

Blockchain records on Etherscan show that $70.9 million in assets were transferred from Balancer liquidity pools to a newly created wallet across three transactions.

Analytics firm Nansen identified the transferred assets as 6,850 StakeWise Staked Ether (osETH), 6,590 Wrapped Ether (WETH), and 4,260 Lido wstETH (wstETH).

On-chain analysts began monitoring the wallet’s activity, noting patterns similar to previous DeFi draining incidents.

Blockchain security firm Cyvers reported that up to $84 million in suspicious transactions across multiple chains could be linked to Balancer.

Cyvers is currently analyzing whether the transfers were coordinated via smart contract vulnerabilities or facilitated by an external exploit leveraging cross-protocol liquidity flows.

Balancer’s history of attacks

In September 2023, the protocol’s website was compromised through a DNS hijack that redirected users to a phishing interface.

Attackers executed malicious smart contracts designed to capture private keys and drain funds, resulting in roughly $238,000 in losses, according to blockchain investigator ZachXBT.

Just a month earlier, in August, Balancer reported a stablecoin exploit that cost liquidity providers nearly $1 million.

That incident followed the disclosure of a “critical vulnerability” affecting certain liquidity pools; partial mitigations had been applied but the issue remained exploitable in specific configurations.

The recurrence of incidents over a short period suggests that DeFi’s open-source nature, while fostering innovation, also provides attackers with a reproducible blueprint for targeting protocol weaknesses.

These breaches demonstrate that security audits alone are not enough without continuous on-chain monitoring and real-time risk mitigation systems.

The DeFi security paradox

The Balancer case exemplifies a central paradox in decentralized finance.

By removing intermediaries, protocols deliver transparency and autonomy but also eliminate the ability to intervene when funds are diverted.

Unlike centralized exchanges that can freeze or reverse transactions, DeFi protocols run on immutable smart contracts.

Once exploited, losses are typically permanent and difficult to recover.

This structural rigidity has drawn criticism from institutional investors who view such vulnerabilities as barriers to widespread adoption.

In response, some DeFi projects have implemented multi-layered defenses, including decentralized insurance pools, advanced audit frameworks, and formal verification of contract code.

However, these measures remain uneven across the ecosystem.

Breach patterns at Balancer therefore serve as a case study on how liquidity incentives and composability can amplify systemic exposure.

As DeFi protocols become increasingly interconnected through shared token standards and cross-chain bridges, a single compromised smart contract can trigger cascading financial risks across multiple platforms.