Berachain has executed an emergency hard fork to capture a hacker’s funds after a major breach of decentralized finance (DeFi) protocol Balancer, stealing more than $128 million from its V2 Composable Stable Pools.
This is being done to contain the fallout from the recent Balancer V2 exploit, which involves freezing funds linked to the attacker and coordinating asset returns through a self-appointed white-hat operator.
In a statement about X, the Bera Foundation confirmed that the hard fork binary has been distributed and many validators have already been upgraded.
Bera core update:
The hard fork binary has been released and many of the validators have been upgraded. Before we go live and produce blocks again, we want to ensure that the core infrastructure partners needed for chain operations (oracles for liquidations, etc.)…
— Berachain Foundation
(@berachain) November 4, 2025
The vibrancy of the chain remains interrupted while the core team works with infrastructure partners to ensure stability.
“Before we go live again and produce blocks, we want to ensure that the key infrastructure partners needed for chain operations – oracles for liquidations, etc. – have updated their RPCs,” the team said.
It added that bridges, centralized exchanges and custodians will be reconnected once the chain becomes active again.
The emergency measure comes after a serious breach of the DeFi protocol Balancer earlier this week.
Berachain implements emergency action after $128 million balancer exploit
The exploit targeted Balancer V2 Composable Stable Pools, lost more than $128 million across multiple chains. Security firm PeckShield was among the first to report the incident, calling it one of the biggest DeFi exploits of the year.
The attack lasted several hours as the hacker manipulated Balancer’s smart contracts via a vulnerability in the authorization logic.
Analysts from Defimon Alerts and Decurity later identified the issue within the manageUserBalance feature, which incorrectly verified user permissions.
Balancer Protocol loses over $116 million to cross-chain exploits, marking one of the largest DeFi security breaches in 2025.#Balancer #DeFihttps://t.co/7nZYB2xSar
— Cryptonews.com (@cryptonews) November 3, 2025
By abusing this control, the attacker could impersonate other users and withdraw internal balances without permission.
On-chain data reviewed by Nansen showed suspicious transfers of wrapped Ether (WETH), osETH, and wstETH to a new wallet, followed by large-scale conversions to Ethereum.
Cyvers Alerts reported that shortly afterwards the attacker began laundering money through Tornado Cash.
While the breach was still under investigation, on-chain analyst EmberCN reported that liquid staking protocol StakeWise successfully recovered 5,041 osETH, worth approximately $19.3 million, via a contract call.
The recovery has reduced the total number of stolen assets to approximately $98 million, more than half of which has already been converted into ETH.
Berachain is fast reaction was intended to prevent further losses after it became one of the affected ecosystems.
Balancer Breach tests DeFi defenses as Berachain prepares fund recovery
According to the foundation, a MEV bot operator, who has been active in the chain for several months, currently has the compromised funds in his possession and has agreed to return them.
“He has indicated that he has a white hat and is willing to pre-sign a series of transactions to return the money when the chain goes live,” Berachain said.
The team confirmed that the funds will be returned to the Berachain deployment address at 0xD276D…, and on-chain messages were sent to verify the process.
Furthermore, the Balancer exploit has intensified scrutiny of DeFi security. Despite undergoing more than ten audits by top companies, included OpenZeppelin, Trail of Bits and Certora, Balancer’s V2 contracts were compromised.
Developer Suhail Kakar commented that repeated audits are no longer a guarantee of security, noting that “code is hard, DeFi is harder.”
The incident adds to Balancer’s troubled security history. Since its launch in 2020, the protocol has suffered multiple attacks, including a $520,000 loss due to a deflationary token vulnerability in 2020, a $2.1 million rounding error exploit in 2023, and a DNS hijack later that year.
The total value of the balancer is locked collapsed from $442 million to about $213 million in a day, according to DeFiLlama data.
The post Berachain’s Emergency Hard Fork Traps Hacker, Freezes Balancer V2 Exploit Funds appeared first on Cryptonews.
