- The transferred assets included StakeWise Staked Ether (osETH), Wrapped Ether (WETH), and Lido wstETH (wstETH).
- In September 2023 Balancer was hit by a phishing attack that resulted in a loss of roughly $238,000.
- A separate exploit in August drained nearly $1 million after a vulnerability was found in Balancer’s liquidity pools.
A suspected exploit involving digital assets valued at nearly $70 million has once again put Balancer, one of Ethereum’s leading decentralized exchanges, under scrutiny.
The incident has renewed debate over the security of decentralized finance (DeFi), where transparency and automation often coexist with deep structural vulnerabilities.
It also highlights how fundamental DeFi features—permissionless access, open-source code, and composable smart contracts—can quickly become liabilities when targeted by skilled attackers.
For Balancer, the breach adds to a growing record of cyber incidents that are reshaping risk perceptions in digital finance and prompting calls for stronger, coordinated defenses across the DeFi ecosystem.
$70 million in Ether-linked assets moved to a new wallet
Blockchain records on Etherscan show that $70.9 million in assets were moved from Balancer’s liquidity pools to a newly created wallet in three transactions.
Data from analytics firm Nansen identified the transferred assets as 6,850 StakeWise Staked Ether (osETH), 6,590 Wrapped Ether (WETH), and 4,260 Lido wstETH (wstETH).
On-chain analysts began tracking the wallet’s behavior and noted patterns similar to previous DeFi drainage incidents.
Blockchain security firm Cyvers reported that up to $84 million in suspicious transactions across multiple chains may be linked to Balancer.
The firm is currently analyzing whether the transfers were coordinated through vulnerabilities in smart contracts or facilitated by an external exploit that took advantage of liquidity flows between protocols.
History of attacks on Balancer
In September 2023 the protocol’s website was compromised via a domain name system (DNS) hijack that redirected users to a phishing interface.
Attackers deployed malicious smart contracts designed to capture private keys and drain funds, resulting in losses of about $238,000, according to blockchain investigator ZachXBT.
Just a month earlier, in August, Balancer reported a stablecoin exploit that cost liquidity providers nearly $1 million.
The incident followed disclosure of a “critical vulnerability” affecting certain liquidity pools—an issue that had been partially mitigated but could still be exploited under specific configurations.
The recurrence of incidents in such a short timeframe suggests that DeFi’s open-source nature, while fostering innovation, also gives attackers a developing playbook for targeting protocol weaknesses.
These breaches demonstrate that audits alone are insufficient without continuous on-chain monitoring and real-time risk mitigation systems.
The DeFi security paradox
The Balancer case illustrates a paradox at the heart of decentralized finance.
By removing intermediaries, protocols achieve transparency and autonomy, but they also eliminate the ability to intervene when funds are misappropriated.
Unlike centralized exchanges that can freeze or reverse transactions, DeFi protocols run on immutable smart contracts.
Once funds are drained through an exploit, the losses are permanent and usually irrecoverable.
This structural rigidity has drawn criticism from institutional investors who view such vulnerabilities as barriers to broader adoption.
In response, some DeFi projects have introduced layered defenses such as decentralized insurance pools, enhanced audit frameworks, and formal verification of contract code.
However, these measures remain inconsistently applied across the ecosystem.
Balancer’s repeated security problems can therefore serve as a case study in how liquidity incentives and composability can amplify systemic exposure.
As DeFi protocols become more interconnected through shared token standards and cross-chain bridges, a single compromised smart contract can trigger cascading financial risks across multiple platforms.