In November 2025, Balancer was the victim of a hack of over $120 million. The attacker took advantage of smart contract vulnerabilities and the interconnectedness of Balancer v2 pools to drain tokens from pools across multiple chains.
Inside the Attack
The Balancer hacker exploited vulnerabilities in the protocol’s smart contract code. The hack is attributed to improper access controls within the protocol’s manageUserBalance function. The function checked msg.sender against a user-provided op.sender value as part of its access management strategy. However, the fact that the attacker set the value of op.sender meant that they could set it to match msg.sender and defeat the access controls.
With the access that this provides, the attacker could masquerade as the owner of any account in the protocol and execute the WITHDRAW_INTERNAL operation. This allowed them to drain balance from user accounts, resulting in over $120 million in losses across several chains.
Before exploiting this vulnerability, the attacker manipulated the balance of accounts via a series of swaps. This is believed to take advantage of a rounding error within the protocol, allowing invariant manipulation.
The scope of the attack was exacerbated by the composable nature of the Balancer platform, where individual pools all rely on a centralized contract for certain operations. While this makes it simpler to deploy new pools, it also allowed a single vulnerability to impact all Balancer v2 contracts. Additionally, many other projects built on top of Balancer suffered losses due to the incident.
The incident is also notable for the fact that the malicious smart contract used in the attack is believed to be partially vibe-coded. It contained console.log instructions, which may be included for code development and debugging but are usually stripped out of production code to conserve gas once the code is functional. However, LLMs often include these instructions, hinting that the attacker may have vibe-coded the smart contract and copy-pasted it directly from the LLM without removing these statements.
On the other hand, the attacker’s ability to fund the transaction with 100 ETH from Tornado Cash was noted as a sign that they have potentially performed hacks in the past. The fact that no recent 100 ETH deposits into the mixer have been performed in the past indicates that the attacker potentially collected proceeds from multiple past exploits to fund the new attack.
Lessons Learned from the Attack
The Balancer hack demonstrates the fact that even more established and tested smart contracts are potentially vulnerable to attack. Balancer has been active for years and has undergone several smart contract audits. However, an attacker managed to identify and exploit a vulnerability in the protocol for over $120 million.
While many of the biggest hacks of 2025 have targeted off-chain vulnerabilities, DeFi hackers still look for exploitable smart contract code. For help with identifying and closing the security gaps that attackers are likely to target, get in touch with Halborn.