A critical vulnerability in the automated market maker led to massive losses across multiple chains and prompted an emergency shutdown of the Berachain blockchain.

The decentralized finance (DeFi) protocol Balancer suffered a devastating exploit on Monday, resulting in losses estimated at $128 million in digital assets. The attack targeted a vulnerability in Balancer V2 liquidity pools, impacting operations on several blockchains, including Ethereum, Arbitrum, and Base.

The fallout was so significant that the emerging Berachain network, whose native decentralized exchange is built on the same vulnerable code, orchestrated a complete halt of its blockchain. The Berachain team is now planning an emergency hard fork to roll back the chain to its state before the exploit occurred.

How a Rounding Error Led to a Nine-Figure Loss

According to on-chain analytics firm Nansen, the attacker exploited a subtle rounding error within the Balancer V2 pools. By executing multiple swaps in a single transaction, the hacker manipulated the price of the Balancer Pool Token (BPT), which represents a user’s share in a liquidity pool. This manipulation caused the BPT to become severely undervalued.

Once the BPT price was artificially depressed, the attacker acquired the tokens at a steep discount. They then immediately redeemed these underpriced BPTs for the underlying assets at their true value and converted the proceeds to ETH, securing the profit. Security experts from Cyvers and PeckShield estimate the total losses at around $128 million, while Nansen reported a figure closer to $100 million.

Balancer acknowledged the incident, confirming the vulnerability was isolated to its V2 Composable Stable Pools and that V3 pools were unaffected. The project’s native BAL token dropped over 11% following the news. Balancer is now working with security researchers to conduct a full postmortem.

Berachain’s Contentious Decision to Intervene

Berachain faced the most dramatic consequences, with an estimated $12.86 million lost from its ecosystem. In response, network validators coordinated to stop the chain, a move that has ignited debate within the crypto community.

The plan to perform a hard fork and reverse transactions challenges the core principle of blockchain immutability. For many industry purists, undoing transactions goes against the fundamental promise of cryptocurrency. The situation draws parallels to the infamous 2016 hack of The DAO on Ethereum, which led to a controversial hard fork that split the community and resulted in the creation of Ethereum Classic.

Berachain’s pseudonymous founder, Smokey the Bera, defended the decision on X (formerly Twitter), acknowledging the move could be seen as contentious. “Users and LPs on the network are always our priority,” he wrote. “When approximately $12 million of user funds are at risk from a malicious attacker, we attempted to coordinate the validator set to protect those users. The goal is to recover funds ASAP and ensure that all LPs are safe.”