BAL

Balancer

The world of cryptocurrencies is once again shaken by a major incident. Trust Wallet, one of the most popular crypto wallets, had to postpone a crucial update after discovering a malicious version of its Chrome extension. This event raises questions about the security of crypto t...

2025 was a big year for the crypto industry, but it came as a double-edged sword when looking at the bigger picture. On one hand, the industry matured in terms of institutional adoption, with a record number of mergers and acquisitions. There were 267 deals totalling $8.6 billion , making it a profitable year for those positioned on the right side of the trade. On the other hand, losses from hacks and exploits hit a record high, exposing how far the space still has to go on the security front. Data from security firms like SlowMist and CertiK reported that the number of security incidents dropped by 50% year-over-year, from over 400 in 2024 to approximately 200 in 2025. But the extent of financial losses tells a different story. Total stolen funds jumped by 55% compared to the previous year, climbing to over $3.4 billion. While basic security hygiene, such as routine smart contract audits and automated bug detection, is successfully eliminating the low-hanging fruit that amateur hackers used to target, the nature of attacks has fundamentally shifted. Modern attackers are no longer casting a wide net for small protocol vulnerabilities. Instead, professionalised groups, most notably the North Korean Lazarus Group, are spending months on reconnaissance and infrastructure infiltration to execute single, catastrophic strikes. The industry is now facing a quality over quantity crisis, where fewer attacks are taking place, but the ones that do happen are far more damaging. As 2026 begins, here’s a look back at four of the biggest security incidents of 2025, which exposed many of the industry’s weak points. Bybit Exchange: $1.5 billion The biggest incident of the year unfolded at the Dubai-based crypto exchange Bybit, which became the largest confirmed theft ever linked to North Korea’s state-backed Lazarus Group. Attackers spent months building trust with a developer at Safe{Wallet}, a leading multisig infrastructure provider, before they managed to introduce a malicious Docker project that quietly established a persistent backdoor. Once inside, the attackers injected malicious JavaScript into the frontend code of the Safe wallet interface used by Bybit’s internal signing team. As Bybit executives logged in to sign what appeared to be routine internal transactions, the user interface displayed correct wallet addresses and amounts. At the code level, however, the destination address was silently swapped for attacker-controlled wallets. Approximately $1.46 billion to $1.5 billion in ETH was drained, impacting a large number of users who were left exposed to one of the most severe security failures the industry has seen. The incident exposed a critical industry weak point around UI trust, reinforcing that hardware wallets and multisig thresholds offer little protection if the software layer presenting the transaction details has been compromised. Og Bitcoin whale: $330 million Back in April, a Satoshi-era Bitcoin whale who had been holding their coins untouched for over a decade became the victim of a devastating social engineering attack that resulted in the loss of 3,520 BTC, worth approximately $330.7 million at the time. The incident became etched in history as the largest individual theft in the history of the industry, as was framed by on-chain sleuth ZachXBT. Unlike attacks that target code, this one weaponised AI-powered deepfakes and voice cloning to bypass the victim’s psychological defences over a period of several months. The perpetrators, suspected to be an organised syndicate operating out of a sophisticated call centre in Camden, UK, using aliases like “Nina” and “Mo”, built a false sense of security with the elderly victim by impersonating trusted legal and technical advisors. Eventually, the attackers directed the victim to a fake “security verification” portal that mimicked a well-known wallet provider’s official support site, where the victim was manipulated into entering their private credentials or signing a specific transaction on their hardware device under the guise of an “account upgrade.” The funds were instantly moved. Funds were quickly laundered through “peel chains” and converted into the privacy coin Monero (XMR), causing a 50% price spike in Monero due to the sudden, massive demand. The incident ultimately exposed the extreme vulnerability of high-net-worth individuals who lack institutional-grade custody services, showing that no amount of encryption can protect assets if the human layer is effectively manipulated. Cetus Protocol exploit: $223 million Cetus Protocol, which is the largest decentralised exchange on the Sui network, was exploited in May due to a technical failure in its smart contract logic. The exploiter identified a critical arithmetic flaw in a shared open-source math library used for liquidity calculations, which allowed them to drain roughly $223 million in liquidity assets. Specifically, the function was designed to safely scale fixed-point numbers by shifting them left by 64 bits. However, it contained a logic error in its overflow check. The comparison used a mask that was too large, which permitted bitwise shifts that should have been rejected. By using a flash loan to create a liquidity provider position with an extremely narrow tick range, the attacker triggered an arithmetic overflow, more precisely a bitwise truncation, which caused the contract to calculate a required deposit of just 1 unit of a token while still crediting the attacker with massive liquidity. The attacker then simply removed the liquidity, claiming the pool’s real reserves based on the falsely inflated accounting. While Sui validators managed to coordinate an emergency freeze on $162 million of the assets before they could be bridged out, the net loss still remained one of the largest in 2025. It proved to the decentralised finance ecosystem that modern, safety-oriented languages like Move are not inherently immune to math bugs, and reinforced that mathematical rigor remains a non-negotiable requirement in protocol design. Balancer V2: $128 million Balancer suffered a sophisticated economic engineering exploit across multiple chains (Ethereum, Arbitrum, and Base) in November, as an attacker managed to weaponise a tiny discrepancy in how the protocol handled precision rounding during internal swaps. Balancer’s Composable Stable Pools utilised different rounding directions for upscaling and downscaling token amounts to protect the protocol’s Invariant, which serves as the mathematical anchor for the StableSwap algorithm, ensuring the pool maintains a constant total value and equilibrium during asset exchanges. The attacker discovered that by pushing pool balances into a specific 8 to 9 Wei range, they could cause the integer division to drop up to 10% of value through rounding-down errors. Subsequently, using an automated contract, the attacker initiated a single transaction containing over 65 micro-swaps. Each swap repeatedly shaved off a few Wei of value, compounding the precision loss until the pool’s internal accounting was completely distorted. As a result, they were able to take advantage of the compounded precision loss until the pool’s internal accounting was completely distorted, after which they could mint LP tokens at a suppressed price and redeem them for their full value instantly, extracting millions without triggering any of the protocol’s safety checks. The post Top crypto hacks of 2025: incidents that exposed the industry's weak points appeared first on Invezz

Gnosis Chain executes hard fork to recover $9.4M from Balancer exploit, ensuring asset security. Read original article on coinlive.me

Gnosis Chain, a blockchain network focused on decentralized infrastructure, has taken direct action to recover funds lost in the Balancer exploit. On December 23, Gnosis confirmed that its validator community approved a hard fork to move the stolen funds out of the hacker’s contr...

Instead of relying solely on negotiations, bounties, or white-hat recoveries, Gnosis validators opted for direct action. Earlier this week, the […] The post Gnosis Executes Hard Fork to Secure Funds After Recent Exploit appeared first on Coindoo.

Crypto News Gnosis chain operators completed a hard fork on Monday to recover funds from a November Balancer exploit that resulted in $116 million worth of stolen digital assets. The project announced the hard fork in a Tuesday X post following a notice for node operators. The re...

What Did Gnosis Do After the Balancer Hack? Operators of the Gnosis Chain carried out a hard fork this week to recover funds linked to the $116 million Balancer exploit disclosed in November. The action followed earlier emergency measures taken by validators and comes after weeks...

Gnosis Chain has confirmed that it has executed a hard fork to recover approximately $9.4 million in funds frozen following the November 2025 Balancer V2 exploit. The hard for k ac tivated on December 22, 2025, and the announcement came the next day via the official Gnosis Chain account. According to the official announcement posted on Gnosis Chain’s X page, the hard fork has been activated, and the funds are no longer within the hacker’s control. To ensure consensus, the post also urged all remaining node operators to take action to avoid penalties. The decision to rewrite the blockchain’s recent history to make users whole was touted as a solution, but it has exposed fault lines over governance and precedent on Gnosis Chain. Gnosis Chain initiates a hard fork According to a governance forum post, Philippe Schommers, Gnosis’ head of infrastructure, floated the idea that the network would need to undergo a hard fork on December 12. According to Schommers, this would help return funds frozen during the recent exploit of the DeFi protocol Balancer . The hard fork was scheduled to go live on December 22. Schommers wrote to nodes that fail to follow the chain with a majority of stake that they will face penalties. He said the team was focused on returning user funds by Christmas. The move was framed as a technical “rescue mission,” but the announcement sparked a heated debate in the project’s community over who gets to decide when a blockchain’s immutability can be broken. At the time, Schommers called the surrounding debate “an important one and, as always, we welcome all contributions.” He also emphasized that the hard fork depends on Gnosis Chain validators to go through. “As it stands, our validators have a choice to exercise their collective power transparently, to protect users, even as we work toward a future where no one has that power at all,” he said. Schommers also countered fears of the update affecting the chain’s immutability. “The hard fork requires relatively minor changes that do not affect chain history – and therefore do not affect fundamental immutability, which stands at the core of our ethos,” he said. Why is Gnosis Chain going through a hard fork? Balancer , an established decentralized exchange and automated market maker protocol, was targeted in November when an attacker exploited a vulnerability to siphon $128 million from Balancer V2 liquidity pools across multiple chains. Harry Donnelly, founder and CEO of Circuit, has tagged Balancer’s breach “a serious warning” for the DeFi ecosystem. According to Donelly, the target was “one of the most trusted names in the space” and “an early pioneer with a culture of compliance, backed by rigorous audits and open disclosure.” In response to the exploit, validators approved a soft fork that restricted bridge movements, freezing $9.4 million of the stolen assets on-chain. Recovering those funds required a hard fork, which is what triggered debates on the network’s commitment to immutability. There have been mixed reactions to the move, with the camp split over how to interpret it. Lefteris Karapetsas, the founder of Rotki, a privacy-focused portfolio tracker, claimed the move reflects accountability rather than centralization. “The coordinated soft fork and the clear plan toward a hard fork show that Gnosis Chain takes security, users, and ecosystem responsibility seriously,” wrote Karapetsas. Others have claimed it sets a dangerous future precedent and have demanded formal rules to govern future interventions. A user under the alias TheVoidFreak noted in their forum response that accepting a hard fork requires “a strict framework that no one can deviate from,” arguing that without it, violations of “Code is law” and immutability would have unmanaged consequences. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .

The Gnosis hard fork, executed on Monday, recovered funds from the November Balancer exploit where $116 million in crypto was stolen. Following a soft fork by most validators, this hard fork placed the assets out of the hacker's control, enabling potential recovery for affected users by Christmas. Gnosis chain operators implemented a hard fork to [...]