- Moved assets include StakeWise staked ether (OSETH), wrapped ether (WETH), and Lido wstETH (wSTETH).
- In September 2023, Balancer suffered a DNS hijack and phishing attack that resulted in roughly $238,000 in losses.
- In August 2023, another vulnerability in Balancer’s liquidity pools led to nearly $1 million in losses.
A suspicious transfer of digital assets valued at nearly $70 million has again put Balancer, one of Ethereum’s leading decentralized exchanges, under scrutiny.
The incident has reignited debate about the security of decentralized finance (DeFi), where transparency and automation often coexist with deep structural vulnerabilities.
It also illustrates how core DeFi features — permissionless access, open-source code, and composable smart contracts — can quickly become liabilities when targeted by skilled attackers.
For Balancer, this latest incident adds to a growing record of network events that are reshaping how market participants view digital finance risk and prompting calls for stronger, more coordinated defenses across the DeFi ecosystem.
$70 million in ETH‑pegged assets moved to a new wallet
Blockchain records on Etherscan show that, across three transactions, roughly $79 million in assets moved from Balancer liquidity pools to a newly created wallet.
Analysis firm Nansen identified the transferred holdings as 6,850 StakeWise staked ether (OSETH), 6,590 wrapped ether (WETH), and 4,260 Lido wstETH (wSTETH).
On‑chain analysts began tracking the wallet’s activity and noted patterns similar to previous DeFi drain incidents.
Blockchain security company Cyvers reported that suspicious transactions across multiple chains could be related to Balancer and estimated exposure as high as $84 million.
Cyvers is currently assessing whether these transfers were coordinated through a smart contract vulnerability or enabled by exploiting cross‑protocol liquidity flows.
Balancer’s history of attacks
In September 2023, the protocol’s website was compromised through a domain name system (DNS) hijack that redirected users to a phishing interface.
Blockchain investigator ZachXBT reported that attackers deployed malicious smart contracts intended to capture private keys and drain funds, causing about $238,000 in losses.
One month earlier, in August 2023, Balancer disclosed a stablecoin exploit that resulted in nearly $1 million lost by liquidity providers.
That event followed the team’s disclosure of a “critical vulnerability” that affected certain liquidity pools; although partially mitigated, some configurations remained exploitable.
The recurrence of incidents in such a short timeframe underscores how DeFi’s open nature can spur innovation while simultaneously providing attackers with evolving blueprints for finding protocol weaknesses.
These breaches demonstrate that security audits alone are not sufficient without continuous on‑chain monitoring and real‑time risk mitigation systems.
The DeFi security paradox
Balancer’s case highlights a central paradox of decentralized finance.
By removing intermediaries, protocols deliver transparency and autonomy — but they also remove the ability to intervene when funds are at risk.
Unlike centralized exchanges that can freeze or reverse transactions, DeFi protocols run on immutable smart contracts.
When those contracts are exploited, the losses are often permanent and difficult to recover.
This structural rigidity has drawn criticism from institutional investors, who see such vulnerabilities as a barrier to broader adoption.
In response, some DeFi projects have adopted layered defenses such as decentralized insurance pools, advanced audit frameworks, and formal verification of contract code.
However, these protections remain inconsistently applied across the ecosystem.
As a result, Balancer’s repeated security problems serve as a case study in how liquidity incentives and composability can amplify systemic risk.
As DeFi protocols become more interconnected via shared token standards and cross‑chain bridges, a compromised smart contract can trigger cascading financial risk across multiple platforms.