Onchain evidence points to a calculated, high-level exploit that drained $116 million from Balancer
The $116 million exploit targeting Balancer, a leading decentralized exchange and automated market maker (AMM), appears to be the result of months of meticulous preparation by a highly skilled attacker, according to new onchain analysis.
Data from Ethereum shows the exploiter used advanced funding and obfuscation techniques, including small 0.1 ETH deposits through Tornado Cash, to gradually build up their operational wallet without raising red flags.
“The hacker seems experienced — seeded the account with 100 ETH and smaller Tornado Cash deposits, no operational security leaks,” noted Conor Grogan, Director at Coinbase, on X. “Since there were no recent 100 ETH Tornado deposits, it’s likely the exploiter had funds from previous hacks.”
Balancer was hacked for ~$100M. Hacker seems experienced: 1. Seeded account via 100 ETH and 0.1 Tornado Cash deposits. No opsec leaks 2. Since there were no recent 100 ETH Tornado deposits, likely that exploiter had funds there from previous exploits pic.twitter.com/OQOpfKwzxv
Grogan’s analysis revealed that the attacker may have held over 100 ETH within Tornado Cash contracts, suggesting prior illicit activity and deliberate use of crypto privacy infrastructure to mask origins.
Balancer confirmed the breach on Monday and has since offered a 20% white-hat bounty if the funds are returned by Wednesday, calling it a gesture toward resolution rather than confrontation.
“Our team is working with top blockchain security experts and will share a complete post-mortem soon,” Balancer stated on X.
Experts call it one of 2025’s most advanced DeFi attacks
According to Deddy Lavid, CEO of blockchain security firm Cyvers, the incident ranks among the most technically sophisticated attacks of 2025.
“The attackers bypassed access control layers to directly manipulate asset balances — a governance failure rather than a protocol logic issue,” Lavid explained. “Static code audits are no longer enough; real-time monitoring is essential to prevent future exploits.”
The breach has reignited scrutiny over DeFi security frameworks and the need for continuous onchain threat detection.
Similar patterns seen in Lazarus Group operations
The methodical preparation resembles tactics used by North Korea’s Lazarus Group, which reportedly paused hacking activity in mid-2024 before striking Bybit for $1.4 billion months later.
Blockchain firm Chainalysis reported that Lazarus’s reduced onchain movement was likely a “regrouping period” for planning large-scale attacks — underscoring how cybercriminals now operate with corporate-level precision and patience.
North Korean hacking activity before and after July 1. : Chainalysis
The Balancer incident reinforces a growing truth in DeFi: even the most audited protocols remain vulnerable when attackers combine patience, strategy, and cutting-edge blockchain expertise.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.
We use cookies to personalize content and ads, provide social media features, and analyze our traffic. In accordance with GDPR/AVG and EU cookie regulations, data is processed only with your consent. We may share information about your use of our website with our social media, advertising, and analytics partners, and you can manage or withdraw your consent at any time. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name
Active
Privacy Policy
At BitxJournal.com, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, store, and protect personal information in accordance with the General Data Protection Regulation (GDPR) and AVG (EU privacy legislation).
1. Data Controller
BitxJournal.com acts as the data controller for all personal data processed through this website.
2. Personal Data We Collect
We may collect and process the following categories of data:
Personal Data
Name and email address (when you subscribe to newsletters or contact us)
Technical & Usage Data
IP address, browser type, operating system
Device information
Pages visited, referral sources, and interaction data
This data is collected via cookies, log files, and analytics technologies.
3. Legal Basis for Processing
We process personal data only when a lawful basis exists, including:
Consent – when you explicitly agree (e.g., cookies, newsletter sign-up)
Legitimate interest – to operate, secure, and improve our website
Legal obligation – when required by applicable laws
You may withdraw your consent at any time.
4. Purpose of Data Processing
Your data is processed for the following purposes:
Operating and maintaining the website
Improving content, usability, and performance
Sending newsletters or updates (only with consent)
Analyzing traffic and user behavior
Responding to inquiries or support requests
5. Cookies & Consent Management
We use cookies and similar technologies in compliance with EU Cookie Law.
Non-essential cookies are placed only after explicit user consent
Users may accept, reject, or manage cookie preferences at any time
Consent can be withdrawn without affecting prior lawful processing
Detailed cookie information is available in our Cookie Settings panel.
6. Third-Party Data Processing
We may share limited data with trusted third-party service providers, including:
Analytics providers (e.g., Google Analytics)
Advertising partners (for personalized or non-personalized ads)
These third parties act as data processors and process data only under contractual obligations compliant with GDPR/AVG.
7. International Data Transfers
Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
9. Data Security
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
10. Your GDPR Rights
Under GDPR/AVG, you have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Request data erasure (“right to be forgotten”)
Restrict or object to processing
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
11. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with a revised effective date.
12. Contact Information
For privacy-related inquiries or GDPR requests, contact:
