The DeFi ecosystem has once again found itself at the center of a storm.
On November 3 (UTC), multiple projects built on Balancer V2 were hit by a sophisticated attack, resulting in cumulative losses exceeding $120 million. The incident affected not only Ethereum mainnet but also expanded to chains like Arbitrum, Sonic, and Berachain, marking another major security crisis for the industry following the Euler Finance and Curve Finance hacks.
BlockSec’s preliminary analysis identified this as a “high-complexity price manipulation attack.” The attacker manipulated the BPT (Balancer Pool Token) price calculation logic, exploiting rounding errors in the invariant to distort prices and execute repeated arbitrage within a single batch swap.
For example, the attack on Arbitrum unfolded in three steps:
In short, it was a precision attack at the intersection of mathematics and code.
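The rounding issue described above can be shown in a simplified model, together with the per-step invariant check a pool's test suite or monitor would run over a batch. This is an added example, not code from Balancer or BlockSec. It assumes a toy two-token constant-product pool rather than Balancer's stable-pool math, and every function name and number in it is constructed.

```python
# Added illustration: a toy two-token constant-product pool (x * y = k), NOT
# Balancer's stable-pool math. All names and numbers here are constructed.

def amount_in_for_out(x, y, out, round_up):
    """Tokens the trader must pay into x to withdraw `out` from y."""
    num, den = x * out, y - out
    # Floor division under-charges the trader; ceiling rounds in the pool's favor.
    return -(-num // den) if round_up else num // den

def run_batch(x, y, outs, round_up):
    """Apply a batch of swaps; return the invariant after every step."""
    history = [x * y]
    for out in outs:
        if not 0 < out < y:
            raise ValueError("swap would drain the pool")
        x += amount_in_for_out(x, y, out, round_up)
        y -= out
        history.append(x * y)
    return history

def first_invariant_drop(history):
    """Index of the first step that lowered the invariant, or None."""
    for step in range(1, len(history)):
        if history[step] < history[step - 1]:
            return step
    return None

# Constructed sample: 100 swaps of one unit each inside one batch.
BATCH = [1] * 100
floor_hist = run_batch(1000, 1000, BATCH, round_up=False)
ceil_hist = run_batch(1000, 1000, BATCH, round_up=True)

if __name__ == "__main__":
    print("floor: first drop at step", first_invariant_drop(floor_hist),
          "k", floor_hist[0], "->", floor_hist[-1])
    print("ceil : first drop at step", first_invariant_drop(ceil_hist),
          "k", ceil_hist[0], "->", ceil_hist[-1])
```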
Balancer’s official team confirmed that V2 Composable Stable Pools were exploited. They are working with top security researchers to investigate, have promised a full post-incident analysis, and have urgently frozen all affected pools that can be paused. The vulnerability is limited to V2 Composable Stable Pools and does not impact Balancer V3 or other pool types.
After the Balancer V2 exploit, all projects forking Balancer experienced severe disruption. According to DeFiLlama, as of November 4 (UTC), the total value locked (TVL) in related projects dropped to about $49.34 million, a single-day decline of 22.88%. BEX, Berachain’s native DEX, saw TVL fall 26.4% to $40.27 million—still 81.6% of the ecosystem’s TVL—but outflows continued due to chain halts and frozen liquidity. Another victim, Beets DEX, fared even worse, with TVL plunging 75.85% in 24 hours and nearly 79% over the past 7 days.
Other Balancer-based DEXs also faced panic withdrawals: PHUX dropped 26.8% in a day, Jellyverse fell 15.5%, and Gaming DEX crashed 89.3% with almost all liquidity evaporated. Even smaller projects not directly impacted—such as KLEX Finance, Value Liquid, and Sobal—saw typical outflows of 5–20%.

The Balancer V2 vulnerability quickly triggered cascading consequences.
Berachain, a new public chain built on Cosmos SDK, was also hit within hours because its native DEX, BEX, used Balancer V2 contracts. The foundation immediately announced a full network halt after detecting suspicious activity.
BEX’s USDe Tripool and other liquidity pools were threatened, with around $12 million at risk. The attacker exploited the same logic flaw as in Balancer, draining funds through multiple smart contract interactions. Since some assets were non-native tokens, the team needed to execute a hard fork to roll back affected blocks for recovery and tracing.
Meanwhile, multiple Berachain ecosystem protocols—including Ethena, Relay, and HONEY—took defensive actions:
The Berachain Foundation stated the network pause was deliberate, and normal operations will resume soon. The exploit mainly affected the Ethena/Honey three-pool through complex smart contract interactions. Because non-native assets (not just BERA) were impacted, rollback/roll-forward was more than a simple hard fork, so the network remains paused until a comprehensive solution is finalized.
On November 4 (UTC), the foundation announced that hard fork binaries had been distributed and some validators upgraded. Before coming back online and resuming block production, they want to ensure all core infrastructure partners (e.g., liquidation oracles) have updated their RPCs, as this is crucial for restoring the chain. After core services are ready, the team will coordinate with bridges, CEXs, custodians, and others to restore broader services.
Meanwhile, a Berachain MEV bot operator contacted the foundation after the halt, claiming to have extracted funds as a “white hat” and sent an on-chain message. The operator said they were willing to pre-sign transactions to return the funds once the blockchain resumes.
“We know it’s controversial, but when about $12 million in user assets is at risk, protecting users is the only choice,” said Berachain co-founder Smokey The Bera in response to concerns about centralization.
He admitted that Berachain hasn’t reached Ethereum’s level of decentralization and that validator coordination functions more like a crisis command center than an automated consensus network. In practice, on-chain nodes halted within an hour of the exploit, showing the efficiency of centralized decisions—but also exposing the extent of governance centralization.
The community response was immediately split.
Supporters felt the move showed responsibility for user safety—a form of “realistic decentralization.” Critics argued it violated the “Code is Law” principle and undermined on-chain immutability.
On-chain investigator ZachXBT commented, “With user funds at imminent risk, this was a tough but correct decision.”
Some outspoken developers countered: “If a blockchain can be paused by humans at any time, how is it any different from the traditional financial system?”
This crisis reminded many veterans of the 2016 Ethereum DAO hack, when Ethereum rolled back transactions via hard fork to recover $50 million, splitting the community into Ethereum (ETH) and Ethereum Classic (ETC).
Nine years later, a similar dilemma appears.
This time, the main actor is a young public chain—without sufficient decentralization or the global consensus of a major network.
Berachain’s intervention stopped bigger losses but reignited the philosophical debate: can blockchain truly be autonomous?
In a sense, this is a mirror for the DeFi ecosystem: security, efficiency, and decentralization—true balance among the three has never been achieved.
When hackers can destroy tens of millions of dollars in seconds, “ideals” often give way to “reality.”
Balancer’s team said they are working with top security researchers and will release a full post-event analysis, cautioning users to beware of phishing messages from fake security teams.
Berachain expects to gradually restore block production and transaction functionality after the hard fork is complete.
However, restoring trust is harder than patching code. For a new public chain, halting the chain is an emergency fix, but may leave lasting scars. Users will question decentralization, and developers may worry about the promise of immutability.
The DeFi world may be redefining decentralization—not as absolute laissez-faire, but as consensus around the minimum compromise possible in a crisis.





