Urgent Hard Fork Launched by Berachain After $128 Million Balancer Exploit Translation: Urgent Hard Fork Launched by Berachain After $128 Million Balancer Exploit

The Berachain Foundation team has initiated an urgent hard fork following the breach of Balancer amounting to $128 million. The network was halted to address a vulnerability in the native decentralized exchange known as BEX.

The weakness in BEX—built on the Balancer V2 fork—was part of a larger attack. On November 3, the breach impacted liquidity pools of the DeFi protocol across Ethereum, Arbitrum, Base, and Polygon. Approximately $12 million was siphoned from the liquidity pool of ENA/HONEY on BEX.

According to analysts at Nansen, the incident stemmed from a failure in the access control mechanism, enabling the hacker to generate fake fees and withdraw them as legitimate assets.

The hard fork will prevent the stolen tokens from being moved out of the network and block further attacks. Developers have already distributed updates to the validators.

The network will resume operations once key infrastructure partners upgrade their RPC servers. In a statement, the team identified this as “a major obstacle to resuming operations.”

Foundation representatives are in talks with an MEV operator currently holding the stolen funds. This operator has expressed willingness to return the assets after the network is relaunched, referring to themselves as a «white hat hacker.»

After the network’s restoration, the Berachain team has promised to release a report outlining security measures and future development plans for BEX.

According to GitHub, the smart contracts for Balancer V2 underwent 11 audits from four firms: OpenZeppelin, Trail of Bits, Certora, and ABDK, with the last audit conducted in September 2022.

«The [Balancer] protocol has been audited three times by different firms, yet it was still compromised. This industry must recognize that ‘audited by firm X’ means almost nothing. Code is complex, and DeFi is even more so,» stated Suhail Kakar, head of developer relations at the blockchain project TAC.

The Balancer team offered the hacker a bounty of 20% of the stolen amount, contingent upon a full return of the funds within 48 hours. If refused, the protocol threatened to involve blockchain forensic specialists and law enforcement.

It is worth noting that in August 2023, Balancer developers reported a critical vulnerability affecting several pools in the second version of the DeFi platform.