This week, the Balancer protocol suffered a major decentralized finance (DeFi) exploit, with total losses exceeding $128 million. The liquid staking platform StakeWise acted quickly, recovering approximately 5,041 osETH (worth about $19 million) and 13,495 osGNO (about $1.7 million) from the attacker through the DAO's emergency multisig. This recovery accounts for 73.5% of the stolen osETH and makes it possible to return funds to affected users proportionally.
Meanwhile, the Berachain Foundation announced progress in the emergency hard fork initiated to address the vulnerabilities of its decentralized exchange BEX. The vulnerability stemmed from a large-scale attack targeting the Balancer V2 liquidity pool and cross-chain forks.
StakeWise Successfully Recovered Most of the Stolen osETH
After Balancer suffered significant losses, StakeWise's rapid response mechanism achieved notable results, recovering most of the user assets.
Recovery details: StakeWise posted on X on November 4, confirming that its DAO emergency multisig address had recovered 73.5% of the stolen osETH, worth approximately $19 million. osGNO worth about $1.7 million was also recovered.
Unrecovered portion: 26.5% of the osETH (approximately 7 million USD) was quickly converted to ETH by the attacker and could not be recovered.
Asset Recovery: StakeWise stated that the recovered funds will be returned to affected users proportionally based on their balances prior to the incident. A complete analysis of the event and subsequent steps will be announced soon.
Balancer suffers the largest hack in history: $128 million in assets stolen
The attack exploited a smart contract vulnerability in Balancer V2's composable stable pool, quickly impacting multiple Layer-2 networks.
Exploit: The attacker exploited a flaw in the manageUserBalance function of Balancer's V2 Composable Stable Pools to withdraw funds without authorization and, by manipulating internal balances, converted Balancer Pool Tokens into underlying assets such as Ethereum.
Loss scale: Blockchain analysis companies PeckShield and Lookonchain report that the total loss has exceeded 128 million USD.
Scope of Impact: The attack quickly spread to multiple Layer-2 networks that share Balancer's codebase, such as Arbitrum, Base, Polygon, Optimism, Berachain, and Sonic.
Balancer and Its Partners' Emergency Response
In the face of the largest vulnerability in history, Balancer and related protocols quickly took measures to suspend operations and offer rewards.
Protocol Response: Balancer quickly paused the affected liquidity pools and entered “recovery mode.” The team sent on-chain messages to the attacker, offering a 20% white hat bounty (worth about $25.6 million), requesting the return of funds within 48 hours.
Ecosystem impact: Multiple connected protocols, including Gnosis, Berachain, and Beefy, have temporarily ceased operations to contain the impact.
Berachain Emergency Hard Fork to Address Balancer V2 Vulnerability
The Berachain Foundation announced progress on the emergency hard fork initiated to address vulnerabilities in its decentralized exchange BEX. The vulnerability stemmed from a large-scale attack targeting the Balancer V2 liquidity pool and cross-chain forks.
The foundation said in a statement released on X later on Monday that the hard fork binaries have been distributed to validators, many of whom have completed the upgrade. The binary prevents addresses from transferring compromised tokens outside of the network and blocks further attacks on Berachain.
The foundation stated in the announcement: “Before going live again and regenerating blocks, we want to ensure that the core infrastructure partners needed for chain operations… have updated their RPC, so currently they will be the main obstacle to resuming network operations.”
Blockchain analytics firm Nansen attributed the incident to a flawed access control mechanism that allowed attackers to spoof transaction fees and convert them into withdrawable real assets through two Ethereum transactions executed within 90 seconds.
The team stated that the attack exposed a vulnerability in BEX, a Balancer V2 fork, leading to approximately $12 million in funds being stolen, primarily from BEX's “Ethena/Honey three-pool.”
The foundation previously stated: “Given that this incident affects non-native assets (not just BERA), the rollback/forward operation involves more than just a simple hard fork, therefore Berachain will suspend operations until a complete solution is finalized.”
The Berachain Foundation stated that it is in communication with the current holder of the stolen funds, an MEV bot operator who claims to be a “white hat” hacker and is willing to pre-sign transactions to return the funds once the blockchain is back in operation.
“Once the blockchain is back up and running, we will provide detailed information on the security measures implemented across BEX, other core applications, and the entire Berachain platform,” the foundation stated. “The team will also provide more information about the future development plans for BEX, as well as any other follow-up impacts that may have arisen in the past 24 hours.”
The decision to suspend network operations has received cautious support from industry insiders. Smokey The Bera, co-founder of Berachain, stated that this move, “although controversial, is necessary to safeguard user deposits.” On-chain investigator ZachXBT also supports the suspension, stating that it prioritizes user interests.
Conclusion
StakeWise recovered most of the stolen assets, setting a rare example of successful asset recovery in DeFi history. At the same time, Berachain's quick response has set a benchmark for the industry in handling such security incidents. However, the significant losses from the Balancer exploit have once again sounded the alarm for smart contract security in a multichain environment, underscoring the core importance of code audits and emergency response mechanisms in DeFi.
Balancer theft of $128 million update: StakeWise recovers $20 million; Berachain emergency Hard Fork