WikiBit 2025-11-04 05:53
Experts are debating whether the latest hack shakes confidence in DeFi or is just part of the inherent risks as investors chase higher yields.
Veteran decentralized exchange (DEX) Balancer v2 suffered a major hack on Monday, losing over $128 million and raising questions about whether users can trust even long-established, audited decentralized finance (DeFi) platforms.
On-chain data showed roughly $128 million in digital assets sent to the hacker’s wallet across multiple blockchains, including 6,587 WETH (~$24.5 million), 6,851 osETH (~$26.9 million), and 4,260 wstETH (~$19.3 million), according to PeckShield. This marks Balancer’s largest hack to date.
The losses affected several networks, including Ethereum, Polygon, Base, Arbitrum, Optimism, Sonic, and Berachain. Balancer’s native token, BAL, fell 11.1% to $0.87, according to CoinGecko. Meanwhile, the protocol’s total value locked (TVL) fell from $776 million to $406 million over the past 24 hours, according to DeFiLlama.
Experts are Divided
While Monday’s Balancer exploit underscores that even established DeFi platforms remain vulnerable to attacks, experts are split on whether the breach has hurt overall confidence in DeFi.
Harry Donnelly, founder and CEO of Circuit, called Balancer’s breach “a serious warning” for the DeFi ecosystem, noting that this was “one of the most trusted names in the space” and “an early pioneer with a culture of compliance, backed by rigorous audits and open disclosure.”
At the same time, he cautioned that the same transparency that helped Balancer succeed also exposed it to exploitation. “If DeFi is to truly challenge traditional finance, it must stay ahead of bad actors through proactive resilience and response, not just reactive patching and freezing funds,” Donnelly said.
However, other industry experts emphasized that risk is an inherent part of DeFi investing and trust will likely remain the same.
“Smart contracts and financial engineering are part of the risk profile of investing in DeFi. This is why smart contract audits are important,” said Vladislav Ginzburg, founder and CEO of OneSource. “I don’t think the Balancer exploit represents a new paradigm and thus shouldn’t change factors of trust or risk. The status quo is maintained.”
Kadan Stadelmann, CTO of Komodo Platform, echoed the sentiment, arguing that hardcore DeFi users will not be deterred, but institutional investors might be. “These types of hacks in DeFi are what lead institutional investors and alternative asset investors toward Bitcoin-only strategies,” he said.
Audits Mean “Almost Nothing”
The incident also raised questions on social media about the reliability of audits in DeFi. Suhail Kakar, a blockchain researcher, shared in a post on X that Balancer v2 had undergone more than 10 audits and still suffered an exploit.
Specifically, Balancer v2 underwent multiple security audits by firms such as Certora, OpenZeppelin, and Trail of Bits between 2021 and 2023.
“This space needs to accept that ‘audited by X’ means almost nothing,” Kakar said. “Code is hard, DeFi is harder. It is unfortunate, but hope the team recovers.”
Swift Intervention
Analysts say the hack stemmed from a flaw in Balancer v2’s smart contracts that allowed unauthorized withdrawals.
Nicolai Sondergaard, Research Analyst at Nansen, said in comments shared with The Defiant that the attacker might have “faked a pile of fees into Balancer’s fee account, then hit the withdraw button and cashed out WETH, basically turning fake credits into real money.”
This marks Balancer’s third known security breach, following incidents in 2021 and 2023. The exploit also prompted Berachain, which has a TVL of $404 million, to temporarily halt its blockchain and execute an emergency hard fork to protect funds.
Berachain said it is monitoring the situation closely and “the network will be operational shortly upon recovering all affected funds.” Berachain’s BERA token fell 10% to $1.62 following the incident.
Meanwhile, other networks responded differently. Polygon validators reportedly froze the hacker’s transactions, while Sonic added functionality to freeze and zero out the attacker’s S balances, one of Dragonfly Capital’s managing partners pointed out on X.
Balancer’s Response
Balancer acknowledged the incident in two posts on X, noting that its engineering and security teams are investigating. “We’ll share verified updates and next steps as soon as we have more information,” the team wrote.
The team confirmed that the exploit affected only its v2 Composable Stable Pools and does not impact Balancer v3 or other pools.
They further explained that because some pools have been live on-chain for several years, “many were outside the pause window.” However, they added that “any pools that could be paused have been paused and are now in recovery mode.”
The team also warned of fake messages circulating in the wake of the hack and urged users to only rely on official communications via Balancer’s X account and Discord server.
The Defiant reached out to Balancer for comment, but has not yet heard back at the time of publishing.