Balancer, a decentralized exchange (DEX) on the Ethereum blockchain, is making a final appeal to the hacker responsible for the recent exploit that drained over $100 million in digital assets from its V2 protocol and related forks. The team is reportedly attempting to re-establish control following the breach.

The exploit, which occurred on Monday, November 3, 2025, targeted vulnerabilities in Balancer's V2 vaults. Security researchers at PeckShield and Cyvers were among the first to flag the incident, warning that funds connected to the attacker's wallet were still being siphoned. Cyvers initially estimated total losses at approximately $128 million. Other reports indicated that roughly $70.6 million was drained from Ethereum, with the remaining losses occurring across other chains. Before the attack, Balancer managed over $700 million in total assets.

The Balancer team confirmed they were aware of the exploit and said that their engineering and security teams were investigating the incident with "high priority". Deddy Lavid, CEO of Cyvers, stated that the ongoing drain likely stemmed from a compromise of access control mechanisms within the protocol, which allowed the attackers to directly manipulate balances.

Balancer has been actively communicating with the hacker through on-chain messages and other channels, urging them to return the stolen funds. In their latest appeal, Balancer is offering a substantial bounty and guaranteeing no legal repercussions if the funds are returned within a specified timeframe. They argue that cooperation is in the hacker's best interest, as tracing stolen funds in the crypto space is becoming increasingly sophisticated.

The incident has broader implications for the DeFi sector. Recent data shows the overall cryptocurrency market has decreased by 2.6% to $3.46 trillion. This exploit underscores the persistent security challenges faced by decentralized finance protocols and the importance of rigorous security audits and proactive risk management. Other recent security breaches include alleged hacks of DWF Labs and the exploitation of Nobitex.

Following the Balancer exploit, Berachain, a high-performance EVM-compatible Layer 1 blockchain, executed an emergency hard fork. This action highlights the reactive measures that blockchain projects must sometimes take in the face of critical security vulnerabilities.