The decentralized finance (DeFi) community is still trying to process what happened after Balancer, one of the earliest and most trusted projects in DeFi, was hit by a major hack that drained over $116 million in assets.
The attack hit Balancer’s V2 Composable Stable Pools and quickly turned into one of the biggest DeFi hacks of the year, leaving users unsettled and confidence in the space badly shaken.
In response, Curve Finance voiced concern over the incident, calling it a reminder for developers to stay vigilant, double-check their code, and design systems that can better guard against mistakes and vulnerabilities.
Curve Finance: “Heartbreaking to see an OG DeFi project get attacked”
On November 4, Curve Finance posted a message on X responding to the Balancer hack. “It’s very heartbreaking to see OG DeFi projects being exploited. Really wish the Balancer team to recover the assets,” the team wrote.
It's very heartbreaking to see OG DeFi projects being exploited. Really wish Balancer team to recover the assets.
— Curve Finance (@CurveFinance) November 4, 2025
Our engineers spent all day yesterday studying the Balancer exploit yesterday, checking if there is anything applicable to us.
Looks safe on our side so far, but… https://t.co/oKC5wjMgXL
Curve’s engineers spent the day dissecting the exploit to see if their own protocol faced similar risks. “Looks safe on our side so far,” the post continued, before offering advice to other developers: “Check your math, especially in ‘simple’ places, be paranoid; make design choices which are very forgiving to mistakes.”
The statement quickly spread across the crypto community, highlighting how even the most seasoned DeFi teams remain vulnerable to subtle flaws in smart contract logic. Curve’s message showed both care and caution. It reminded everyone that even the oldest and most trusted DeFi projects aren’t completely safe from being hacked.
What happened to Balancer
The attack was first detected around 7:48 a.m. UTC, when blockchain analytics firm Lookonchain flagged suspicious outflows of over $70 million from Balancer’s pools. Within hours, the figure ballooned to more than $128 million, according to security firm PeckShieldAlert.
The stolen funds included wrapped ETH derivatives such as WETH, osETH, wstETH, sfrxETH, and rETH, along with stablecoins like USDC and sUSDe, based on wallet data from DeBank.
Balancer confirmed the exploit later that day, clarifying that only V2 Composable Stable Pools, an older version launched in 2021, were affected. “Any pools that could be paused have been paused and are now in recovery mode,” the team wrote in its official X post. Balancer reassured users that V3 and other pools were safe.
In an effort to recover funds, the project announced a 20% bounty for anyone who could facilitate the return of the stolen assets — a move that has become standard practice after major DeFi exploits.
By late evening, Lookonchain estimated that the total losses stood at $116.6 million, spread across several networks including Ethereum, Polygon, and Base.
Berachain halts the network
The fallout extended beyond Balancer’s own ecosystem. The Berachain Foundation, which operates an Ethereum-compatible Layer 1 blockchain, announced that it had temporarily paused its network to protect users while developers investigated.
According to the Berachain, the Balancer exploit targeted the Ethena/Honey tripool through a complex transaction involving non-native assets. The pause, they said, was intentional and temporary, meant to give developers time to apply an emergency fix. Unlike a standard hard fork, the rollback required deeper technical intervention to ensure no further funds were at risk.
A brutal week for DeFi
The Balancer hack capped off a rough week for DeFi security. On October 30, Coinbase’s Base network suffered a smaller exploit worth about $220,000 in Wrapped Ether (WETH).
The issue stemmed from a vulnerable function called uniswapV3SwapCallback() that lacked proper access controls, allowing attackers to drain a victim’s wallet, according to auditing firm CertiK.
Just a day later, on October 31, cross-chain yield protocol Garden Finance was hacked for over $5.5 million. Blockchain investigator ZachXBT reported that the attackers quickly swapped the stolen tokens for Ether. In response, the Garden Finance team sent an on-chain message offering the hacker a 10% white-hat bounty in exchange for returning the funds.
Curve’s broader message to developers
Curve engineers emphasized two key takeaways: rigorously verify all mathematical logic, even in code that looks simple, and design protocols that can withstand small human errors.
The latter point is especially important in an industry built on immutable smart contracts, where a single miscalculation can have devastating effects. In DeFi, where there are no centralized failsafes or refunds, “forgiving” design choices can often mean the difference between a minor bug and a multi-million-dollar disaster.
Curve’s comments also led to conversations in the community about whether the project might offer some kind of goodwill gesture, such as an airdrop to users who can prove they lost funds in the Balancer hack.
Curve hasn’t confirmed any such plan, but the idea itself shows the sense of support and unity that still exists among DeFi’s earliest projects.
The bigger picture
The Balancer hack is a strong reminder that even the biggest and most trusted DeFi projects aren’t fully safe. No matter how many times the code is checked or how long a project has been running, even a small error can lead to huge losses.
Curve’s message to “check your math” and build systems that can handle human mistakes might sound basic, but it comes from real experience. In DeFi, one tiny slip can end up costing millions.
As DeFi keeps growing, the Balancer exploit serves as a hard lesson that decentralization offers both freedom and risk. Innovation is what drives the space forward, but without strong security, everything built on it can quickly fall apart.
Also Read: Curve Finance Warns: CRV Airdrop News is Confirmed Scam