Balancer Hack Exposes Expert-Level Exploiter
According to a report, the $116 million exploit of Balancer may have been the work of a sophisticated actor who likely spent months preparing the attack. Balancer is a decentralized exchange (DEX) and automated market maker (AMM).
The hacker funded their account with multiple 0.1 ETH deposits through Tornado Cash to elude detection, according to blockchain analysis. Conor Grogan, Coinbase director, stated that the attacker stored at least 100 ETH on Tornado Cash smart contracts, suggesting possible links to other hacks.
This hacker appears highly experienced, as their account was seeded with 100 ETH and has made 0.1 Tornado Cash deposits. Grogan posted on X: “No operational security leaks.” Roughly translated, the phrase means the money likely originated from earlier activity.
According to Grogan, users generally don’t put large sums into privacy mixers, indicating professional operational precision on behalf of the attacker.
White Hat Incentive to Return Funds
In response, Balancer offered a 20% white hat bounty for the return of the stolen assets in full, minus the bounty, by Wednesday.
Balancer tweeted that they are working with top security researchers to understand the issue and promised a detailed post-mortem.
Also Read : JPYC Unveils Nation’s First Yen-Backed Stablecoin to Revolutionize Digital Payments
Security Specialists Name This One of the Most Sophisticated Assaults of 2025
Cybersecurity expert Deddy Lavid called the latest Balancer exploit one of the most sophisticated attacks of 2025.
Attackers manipulated asset balances directly by bypassing access controls. Lavid explained that the protocol logic wasn’t the issue, but rather a failure of operational governance.
He emphasized that static code audits aren’t sufficient anymore — projects need constant monitoring to detect suspicious activity before more assets are lost.
Learn from Lazarus Group to Prepare and Be Patient
The attack is reminiscent of state-sponsored hacks. North Korea’s Lazarus Group engaged in no illicit activity for over a year before the Bybit hack.
Eric Jardine, Chainalysis cybercrimes research lead, noted that the drop in activity after July 2024 was likely for regrouping, target selection, and infrastructure probing.
In the Bybit case, Lazarus Group laundered 100% of the stolen funds in 10 days through THORChain.
