The decentralized finance (DeFi) platform Balancer has suffered a major exploit, resulting in the theft of over $116 million in digital assets. Preliminary investigations revealed that attackers exploited a vulnerability in smart contract interactions, specifically targeting Balancer’s vaults and liquidity pools. The flaw enabled the deployment of a malicious contract that manipulated vault calls during pool initialization.

Hours after the breach was first reported, Balancer confirmed the incident, stating that its v2 pools were affected. In a post on X, the platform said its engineering and security teams were investigating the matter with high priority and would provide updates as more information became available. The post did not disclose the exact value of assets lost.

According to a social media user known as Adi, investigators found that the exploit was purely smart contract-based and did not involve a private key compromise.

“Improper authorization and callback handling allowed the attacker to bypass safeguards, enabling unauthorized swaps and balance manipulations across interconnected pools, draining assets within minutes,” Adi explained on X.

The stolen funds—primarily Ethereum-based assets—were funneled into a new wallet controlled by the attackers and later consolidated, a move Adi suggested could indicate plans to launder the assets via mixers or cross-chain bridges.

In a follow-up post, Adi speculated that the attackers may have embedded console logs on-chain or used techniques like “vibe coding” or large language models (LLMs) to execute the exploit.

Adi also urged users to take precautionary steps, including withdrawing funds from Balancer v2 pools or avoiding affected ones entirely. Users were further advised to revoke smart contract permissions associated with Balancer addresses.

• What happened to Balancer? The DeFi platform was exploited for over $116 million via a smart contract vulnerability.
• Which pools were affected? Balancer confirmed the breach impacted its v2 liquidity pools.
• Was it a private key hack? No, investigators say the attack was purely smart contract-based with no key compromise.
• What should users do now? Users are urged to withdraw from affected pools and revoke Balancer smart contract permissions.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。