BAL

Balancer

The Rosen Law Firm, a US-based securities class action firm, has initiated an investigation into potential securities claims linked to the major exploit that rocked Balancer on November 3, 2925. Rosen has alleged that Balancer may have issued materially misleading business information to the public and its investors prior to the incident. Rosen encourages Balancer investors to reach out The law firm claims in a recent announcemen t that it is investigating potential securities claims on behalf of investors and has urged those who purchased Balancer cryptocurrency to reach out, as they may be entitled to compensation without payment of any out-of-pocket fees or costs through a contingency fee arrangement. This is in preparation for the class action Rosen is seeking to launch in hopes of recovering investor losses. Those who wish to join the prospective class action have been urged to reach out via its official channels for information on the class action. Rosen is confident in its ability to pursue justice and has clients throughout the globe, concentrating its practice in securities class actions and shareholder derivative litigation. The Law Firm claims it was ranked No. 1 by ISS Securities Class Action Services for the number of securities class action settlements in 2017 and has been ranked in the top 4 each year since 2013. What happened with the Balancer exploit? The Balancer exploit occurred on November 3, 2025, and according to Cryptopolitan reporting at the time, Balancer, a decentralized finance protocol, was hit in a major attack where the attackers made away with more than $100 million in digital assets, according to blockchain security firms. Security researchers at PeckShield and Cyvers also flagged the incident, warning that funds linked to the attacker’s wallet were still being siphoned. The attack was sophisticated and targeted a vulnerability in Balancer’s V2 smart contracts, specifically the arithmetic precision/running errors in pool invariant calculations, plus access control issues in the vault system. The protocol responded to the attack by pausing operations as parts of the exploit involved cross-chain elements. The breach allowed the attackers unauthorized manipulation of balances and drainage across chains in a short time. Some funds were reportedly recovered by whitehat actors, and Balancer outlined reimbursement plans for affected liquidity providers. That outline was made in late November, and the team pledged to distribute $8 million from the recovered assets to those affected. The plan would involve non-socialized distribution, meaning the funds go only to LPs in the specifically affected pools rather than broadly across the protocol. It also emphasized pro-rata based on Balance Pool Token holdings at pre-exploit snapshot blocks and in-kind reimbursement with whitehats who were entitled to 10% bounties for their help. While the proposal moved through community review and governance discussion stages, there has been no widespread confirmation of full payouts or distributions as of February 2026. If you're reading this, you’re already ahead. Stay there with our newsletter .

The Balancer protocol has attributed the decline in its native BAL token to an external market event involving mass liquidations on DeFi lending platforms Aave and Venus. Balancer announced on X , “We observed significant liquidations of large BAL positions on Aave and Venus overnight, which led to significant price volatility.” Aave comes out profitable despite volatility Chaos Labs analyzed the incident that occurred on Aave, pointing out that the price movement, which occurred over a two-hour period in late January, was triggered by the liquidation of large BAL-collateralized positions, predominantly from the wallet known as humpy.eth, which represented the majority of BAL exposure across lending markets. Following these liquidations, the BAL market contracted by more than 95%, leaving minimal remaining debt exposure. According to Chaos Labs , Aave came out of this episode unscathed after recording a net positive position. The lending protocol processed $202.47 million in collateral seizures against $193.12 million of repaid debt over a seven-day period that saw a 10 to 20% drawdown across major cryptocurrency assets. The protocol was able to capture $980,000 in liquidation fees and 804 ETH, valued at around $1.85 million, through its Smart Vault Revenue recapture mechanism. However, the lending protocol recorded a modest $30,000 deficit stemming from BAL-collateralized positions, which was the only material shortfall during the event. On a net basis, the liquidation activity proved economically beneficial for Aave, with SVR revenue alone exceeding deficit realization. Chaos Labs recommended further deprecation of BAL within Aave’s risk framework, proposing a reduction of the supply cap to one in an upcoming Risk Steward update. Venus , on the other hand, fell after an intraday sell-off that saw its token, XVS, fall briefly from $3.12 before stabilizing around $3.32. XVS trades at $3.60 as of the time of writing. How does this liquidation affect Balancer? BAL crashed from over $0.40 per token to its all-time low, trading around $0.18 on February 2. Currently, it trades at over $0.22, a 2.4% drop in the past 24 hours. BAL price chart. Source: CoinMarketCap However, Balancer stated that “the protocol remains secure, fully operational, and unaffected by these liquidations.” It is roughly three months since Balancer suffered a $128 million exploit. That incident affected other platforms that utilized its solution, and it is safe to say that user confidence might have been affected. So, it is understandable that the platform will come out to clear the air before speculative forces take control. BAL has been trading as low as $0.48 in recent sessions, which is a far cry from its all-time high of $74.45 reached in May 2021. The crypto market experienced some volatility around January 29, which saw Bitcoin fall below $80,000, the first time in over nine months. By February 2, Bitcoin fell below $75,000 and currently trades around $78,000. Ethereum dropped to the $2,100-$2,400 range during the period. Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.

DeFi protocol Venus experiences $27M breach, leading to operational pause amid ongoing investigations. Read original article on bitcoininfonews.com

The world of cryptocurrencies is once again shaken by a major incident. Trust Wallet, one of the most popular crypto wallets, had to postpone a crucial update after discovering a malicious version of its Chrome extension. This event raises questions about the security of crypto t...

2025 was a big year for the crypto industry, but it came as a double-edged sword when looking at the bigger picture. On one hand, the industry matured in terms of institutional adoption, with a record number of mergers and acquisitions. There were 267 deals totalling $8.6 billion , making it a profitable year for those positioned on the right side of the trade. On the other hand, losses from hacks and exploits hit a record high, exposing how far the space still has to go on the security front. Data from security firms like SlowMist and CertiK reported that the number of security incidents dropped by 50% year-over-year, from over 400 in 2024 to approximately 200 in 2025. But the extent of financial losses tells a different story. Total stolen funds jumped by 55% compared to the previous year, climbing to over $3.4 billion. While basic security hygiene, such as routine smart contract audits and automated bug detection, is successfully eliminating the low-hanging fruit that amateur hackers used to target, the nature of attacks has fundamentally shifted. Modern attackers are no longer casting a wide net for small protocol vulnerabilities. Instead, professionalised groups, most notably the North Korean Lazarus Group, are spending months on reconnaissance and infrastructure infiltration to execute single, catastrophic strikes. The industry is now facing a quality over quantity crisis, where fewer attacks are taking place, but the ones that do happen are far more damaging. As 2026 begins, here’s a look back at four of the biggest security incidents of 2025, which exposed many of the industry’s weak points. Bybit Exchange: $1.5 billion The biggest incident of the year unfolded at the Dubai-based crypto exchange Bybit, which became the largest confirmed theft ever linked to North Korea’s state-backed Lazarus Group. Attackers spent months building trust with a developer at Safe{Wallet}, a leading multisig infrastructure provider, before they managed to introduce a malicious Docker project that quietly established a persistent backdoor. Once inside, the attackers injected malicious JavaScript into the frontend code of the Safe wallet interface used by Bybit’s internal signing team. As Bybit executives logged in to sign what appeared to be routine internal transactions, the user interface displayed correct wallet addresses and amounts. At the code level, however, the destination address was silently swapped for attacker-controlled wallets. Approximately $1.46 billion to $1.5 billion in ETH was drained, impacting a large number of users who were left exposed to one of the most severe security failures the industry has seen. The incident exposed a critical industry weak point around UI trust, reinforcing that hardware wallets and multisig thresholds offer little protection if the software layer presenting the transaction details has been compromised. Og Bitcoin whale: $330 million Back in April, a Satoshi-era Bitcoin whale who had been holding their coins untouched for over a decade became the victim of a devastating social engineering attack that resulted in the loss of 3,520 BTC, worth approximately $330.7 million at the time. The incident became etched in history as the largest individual theft in the history of the industry, as was framed by on-chain sleuth ZachXBT. Unlike attacks that target code, this one weaponised AI-powered deepfakes and voice cloning to bypass the victim’s psychological defences over a period of several months. The perpetrators, suspected to be an organised syndicate operating out of a sophisticated call centre in Camden, UK, using aliases like “Nina” and “Mo”, built a false sense of security with the elderly victim by impersonating trusted legal and technical advisors. Eventually, the attackers directed the victim to a fake “security verification” portal that mimicked a well-known wallet provider’s official support site, where the victim was manipulated into entering their private credentials or signing a specific transaction on their hardware device under the guise of an “account upgrade.” The funds were instantly moved. Funds were quickly laundered through “peel chains” and converted into the privacy coin Monero (XMR), causing a 50% price spike in Monero due to the sudden, massive demand. The incident ultimately exposed the extreme vulnerability of high-net-worth individuals who lack institutional-grade custody services, showing that no amount of encryption can protect assets if the human layer is effectively manipulated. Cetus Protocol exploit: $223 million Cetus Protocol, which is the largest decentralised exchange on the Sui network, was exploited in May due to a technical failure in its smart contract logic. The exploiter identified a critical arithmetic flaw in a shared open-source math library used for liquidity calculations, which allowed them to drain roughly $223 million in liquidity assets. Specifically, the function was designed to safely scale fixed-point numbers by shifting them left by 64 bits. However, it contained a logic error in its overflow check. The comparison used a mask that was too large, which permitted bitwise shifts that should have been rejected. By using a flash loan to create a liquidity provider position with an extremely narrow tick range, the attacker triggered an arithmetic overflow, more precisely a bitwise truncation, which caused the contract to calculate a required deposit of just 1 unit of a token while still crediting the attacker with massive liquidity. The attacker then simply removed the liquidity, claiming the pool’s real reserves based on the falsely inflated accounting. While Sui validators managed to coordinate an emergency freeze on $162 million of the assets before they could be bridged out, the net loss still remained one of the largest in 2025. It proved to the decentralised finance ecosystem that modern, safety-oriented languages like Move are not inherently immune to math bugs, and reinforced that mathematical rigor remains a non-negotiable requirement in protocol design. Balancer V2: $128 million Balancer suffered a sophisticated economic engineering exploit across multiple chains (Ethereum, Arbitrum, and Base) in November, as an attacker managed to weaponise a tiny discrepancy in how the protocol handled precision rounding during internal swaps. Balancer’s Composable Stable Pools utilised different rounding directions for upscaling and downscaling token amounts to protect the protocol’s Invariant, which serves as the mathematical anchor for the StableSwap algorithm, ensuring the pool maintains a constant total value and equilibrium during asset exchanges. The attacker discovered that by pushing pool balances into a specific 8 to 9 Wei range, they could cause the integer division to drop up to 10% of value through rounding-down errors. Subsequently, using an automated contract, the attacker initiated a single transaction containing over 65 micro-swaps. Each swap repeatedly shaved off a few Wei of value, compounding the precision loss until the pool’s internal accounting was completely distorted. As a result, they were able to take advantage of the compounded precision loss until the pool’s internal accounting was completely distorted, after which they could mint LP tokens at a suppressed price and redeem them for their full value instantly, extracting millions without triggering any of the protocol’s safety checks. The post Top crypto hacks of 2025: incidents that exposed the industry's weak points appeared first on Invezz

Gnosis Chain executes hard fork to recover $9.4M from Balancer exploit, ensuring asset security. Read original article on coinlive.me

Gnosis Chain, a blockchain network focused on decentralized infrastructure, has taken direct action to recover funds lost in the Balancer exploit. On December 23, Gnosis confirmed that its validator community approved a hard fork to move the stolen funds out of the hacker’s contr...

Instead of relying solely on negotiations, bounties, or white-hat recoveries, Gnosis validators opted for direct action. Earlier this week, the […] The post Gnosis Executes Hard Fork to Secure Funds After Recent Exploit appeared first on Coindoo.

Crypto News Gnosis chain operators completed a hard fork on Monday to recover funds from a November Balancer exploit that resulted in $116 million worth of stolen digital assets. The project announced the hard fork in a Tuesday X post following a notice for node operators. The re...