Balancer’s $70M Hack Exposes Fragile Foundations of DeFi

  • Transferred assets included StakeWise Staked Ether (osETH), Wrapped Ether (WETH), and Lido wstETH (wstETH).
  • In September 2023, Balancer suffered a phishing attack that resulted in losses of about $238,000.
  • A separate August exploit drained nearly $1 million after a vulnerability was found in Balancer’s liquidity pools.

An apparent exploit affecting nearly $70 million in digital assets has once again put Balancer, one of Ethereum’s major decentralized exchanges, under scrutiny.

The incident has reignited debate over security in decentralized finance (DeFi), where transparency and automation often coexist with deep structural vulnerabilities.

It also demonstrates how core DeFi features — permissionless access, open-source code, and composable smart contracts — can quickly become liabilities when skilled attackers identify and exploit weaknesses.

Balancer says the breach adds to a growing number of cyber incidents reshaping perceptions of risk in digital finance and underscores the need for stronger, more coordinated defenses across the DeFi ecosystem.

$70 million worth of Ether-linked assets moved to a new wallet

Blockchain records on Etherscan show that assets worth $70.9 million were transferred from Balancer liquidity pools into a newly created wallet across three transactions.

Analytics firm Nansen identified the moved assets as 6,850 StakeWise Staked Ether (osETH), 6,590 Wrapped Ether (WETH), and 4,260 Lido wstETH (wstETH) in its reporting.

On-chain analysts began tracking the wallet’s behavior and noted similarities to previous DeFi drain patterns.

Blockchain security company Cyvers reported that suspicious transactions worth up to $84 million across several chains may be linked to Balancer.

The firm is currently analyzing whether the transfers were coordinated through smart contract vulnerabilities or facilitated by an external exploit that leveraged cross-protocol liquidity flows.

History of attacks on Balancer

In September 2023, Balancer’s website was compromised through a DNS hijacking that redirected users to a phishing interface.

Attackers executed malicious smart contracts designed to capture private keys and drain funds, causing roughly $238,000 in losses, according to blockchain investigator ZachXBT.

Just a month earlier, in August, Balancer reported a stablecoin exploit that cost liquidity providers nearly $1 million.

The incident followed the disclosure of a “critical vulnerability” affecting certain liquidity pools; mitigations had been partially applied, but some configurations remained exploitable.

The recurrence of incidents in such a short span suggests that DeFi’s open-source nature, while fueling innovation, also gives attackers evolving playbooks for targeting protocol weaknesses.

These breaches show that audits alone are insufficient without continuous on-chain monitoring and real-time risk management systems.
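The transfer pattern reported earlier, pool outflows in several tokens landing in a newly created wallet across three transactions, is the kind of signal continuous on-chain monitoring can alert on. The following is an added example, not code from Balancer, Nansen or Cyvers: the addresses, timestamps, thresholds and the `first_seen` indexer lookup are constructed assumptions, and the three tokens are summed as ETH-like units without price conversion; only the token amounts come from the article.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    tx: str        # transaction hash (constructed placeholder)
    ts: int        # block timestamp, seconds
    src: str
    dst: str
    token: str
    amount: float  # token units, treated as ETH-like (assumption)

POOL = "0xPOOL"          # placeholder for the monitored pool address
WINDOW = 900             # seconds a burst may span (assumed threshold)
MIN_UNITS = 5_000.0      # units leaving in one burst (assumed threshold)
MAX_WALLET_AGE = 3_600   # recipient first seen under an hour before (assumed)

def flag_drains(transfers, first_seen, pool=POOL):
    """Flag recipients that are new on-chain and receive a large burst from the pool."""
    by_dst = defaultdict(list)
    for t in transfers:
        if t.src == pool:                      # only outflows from the pool
            by_dst[t.dst].append(t)
    alerts = []
    for dst, rows in by_dst.items():
        rows.sort(key=lambda t: t.ts)
        start = rows[0].ts
        burst = [t for t in rows if t.ts - start <= WINDOW]
        total = sum(t.amount for t in burst)
        # An address unknown to the indexer is treated as created at `start`.
        age = start - first_seen.get(dst, start)
        if total >= MIN_UNITS and age <= MAX_WALLET_AGE:
            alerts.append({"recipient": dst, "units": total,
                           "txs": len({t.tx for t in burst}),
                           "tokens": sorted({t.token for t in burst})})
    return alerts

T0 = 50_000_000  # arbitrary constructed epoch
# Constructed sample: the three amounts are the article's, the rest is invented.
SAMPLE = [
    Transfer("0xa1", T0 + 1000, POOL, "0xNEW", "osETH", 6850.0),
    Transfer("0xa2", T0 + 1012, POOL, "0xNEW", "WETH", 6590.0),
    Transfer("0xa3", T0 + 1024, POOL, "0xNEW", "wstETH", 4260.0),
    Transfer("0xb1", T0 + 400, POOL, "0xLP", "WETH", 12.0),      # routine exit
    Transfer("0xc1", T0 + 700, POOL, "0xFUND", "WETH", 8000.0),  # large, old wallet
    Transfer("0xd1", T0 + 900, "0xLP", POOL, "WETH", 30.0),      # deposit, ignored
]
FIRST_SEEN = {"0xNEW": T0 + 940, "0xLP": T0 - 5_000_000, "0xFUND": T0 - 9_000_000}

if __name__ == "__main__":
    for alert in flag_drains(SAMPLE, FIRST_SEEN):
        print(alert)
```

Combining wallet age with outflow size keeps a large withdrawal to a long-lived address from alerting, while an address the indexer has never seen is treated as new.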

The DeFi security paradox

Balancer’s case exemplifies a paradox at the heart of decentralized finance.

By removing intermediaries, protocols gain transparency and autonomy while also eliminating centralized intervention options when assets are misused.

Unlike centralized exchanges, which can freeze or reverse transactions, DeFi protocols operate with immutable smart contracts.

Once losses are realized, they are typically permanent and difficult to recover.

This structural rigidity has drawn criticism from institutional investors who view such vulnerabilities as barriers to broader adoption.

In response, some DeFi projects have adopted layered defenses, including decentralized insurance pools, advanced audit frameworks, and formal verification of contract code.

However, these measures remain inconsistent across the wider ecosystem.

Balancer’s repeated security issues can therefore serve as a case study in how liquidity incentives and composability may amplify systemic exposure.

As DeFi protocols become increasingly interconnected through shared token standards and cross-chain bridges, a single compromised smart contract can trigger cascading financial risks across multiple platforms.