🧵 PANews Original｜$128M Exploit Hits Balancer, 27 Forks Affected — 3 Lessons for DeFi 1/ On November 3, a sudden security breach shattered trust across the DeFi landscape. Veteran DeFi project @Balancer suffered an exploit that saw funds drained from its vaults, with total losses surging from an initial $70M to $128.64M—marking one of the worst #DeFi #Hacks of 2025.

2/ Exploit Mechanics: A Flawed Access Control The attacker targeted a vulnerability in Balancer V2’s composable stable pools, exploiting flawed access control to spoof fee ownership and drain assets. Even more concerning, the same codebase underpins 27 forked protocols deployed across seven major chains—including @ethereum and @berachain systemic risk across the ecosystem.

2/ Exploit Mechanics: A Flawed Access Control The attacker targeted a vulnerability in Balancer V2’s composable stable pools, exploiting flawed access control to spoof fee ownership and drain assets. Even more concerning, the same codebase underpins 27 forked protocols deployed across seven major chains—including @ethereum and @berachain systemic risk across the ecosystem.

3/ Decentralization vs. User Protection Debate Ignites @berachain responded by halting its network and rolling back transactions, sparking heated debate over decentralization vs. user protection. The exploit triggered a sharp collapse in Balancer’s TVL and mass capital outflows from its forks, exposing deep-rooted issues in smart contract audits, protocol composability, and DeFi security frameworks.

4/ A Wake-Up Call for DeFi Security This incident stands as a stark reminder: as DeFi pushes toward composability and modular design, robust security architecture is no longer optional—it’s foundational.