How 11 audits couldn’t stop Balancer’s $128 million hack redefining DeFi risks
Summary
Balancer, a long-trusted DeFi protocol, lost over $128 million on November 3rd due to an exploit that targeted Balancer Pool Tokens (BPT) by manipulating the calculation of pool prices during batch swaps. Preliminary forensics suggested the attacker bypassed safeguards through improper authorization and callback handling, leveraging Balancer's composable vault architecture to rapidly drain interconnected pools across multiple chains, with Ethereum suffering the largest losses.
The breach caused Balancer's Total Value Locked (TVL) to drop by 46%, leading to a significant "trust collapse" within the DeFi community, as the incident demonstrated that longevity and multiple audits (Balancer had over 11) do not guarantee safety. Analysts noted the attacker's sophisticated approach, funded via Tornado Cash, highlighting that systemic risk is amplified by composability in DeFi.
The exploit occurred during a period when DeFi hack losses were trending low, and it immediately pushed November's total past $120 million. This event underscores the paradox of DeFi: while protocols react quickly to contain contagion, the lack of traditional financial backstops means confidence is fragile, potentially accelerating regulatory scrutiny as policymakers address the risks associated with integrating decentralized finance with traditional markets.
(Source: CryptoSlate)