‘Critical vulnerability’ reported in Balancer v2 pools

The vulnerability has been mitigated in around 80% of the affected v2 pools

by Bessie Liu /
article-image

Tang Yan Song/Shutterstock modified by Blockworks

share

Liquidity protocol Balancer has discovered and disclosed a “critical vulnerability” affecting more than 100 of its v2 pools across eight blockchains.

Balancer said the issue has been mitigated in around 80% of the impacted pools. The remaining 20% of affected pools represent roughly 4% of Balancer’s total value locked (TVL).

The Balancer team posted a list of affected pools on its GitHub page and its emergency subDAO has been activated, enabling users to exit from affected pools. 

Newsletter

Subscribe to The Breakdown

“We believe funds in the mitigated pools (labeled ‘mitigated’) are safe, but nevertheless strongly recommend timely migration to safe pools, or withdrawal,” Jeff Bennett, a software engineer at Balancer Labs, wrote in a post. 

Bennett urged all liquidity providers to exit their positions in affected pools immediately. 

“Pools that could not be mitigated are labeled ‘at risk.’ If you are [a liquidity provider] in any of these pools, please exit immediately,” he wrote.

The situation had an immediate market impact. The price of Balancer’s native token BAL dipped by over 4% on the news of the vulnerabilities. BAL’s price has since recovered, trading at $3.47 at the time of writing. 

Blockworks Research analyst Spencer Hughes noted that the Balancer vulnerability shows that smart contract audits cannot guarantee total safety, and that it is important to note that they never claimed to be.

“With ~$830M TVL, a Balancer exploit would have left one of the most prominent DEXs for dead,” Hughes said. “Emergency SubDAOs are definitely very important for all DeFi protocols, and it is great that they were able to act before anything malicious could occur.”

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Unlocked by Template.png

Research

The Cross‑Chain Interoperability Stack

The march toward an interoperable and onchain-by-default internet depends on reliable messaging and value transfer across heterogeneous domains. Crosschain protocols now process >$1.3T in combined annual transfer volume and secure tens of millions of user interactions, yet no single design dominates.

by Nick Carpinito

/

news

article-image

Forward Guidance NewsletterMarkets

DAS Day 2: Tokenization’s ‘Trojan horse’ moment

The goal, per Santiago Santos, is to make crypto a relatable piece of tech for people who may not even understand it

by Ben Strack /
article-image

FinancePolicy

Stripe’s stablecoin biz seeks national bank trust charter

Stripe stablecoin unit aims to operate under a federal charter enabling regulated stablecoin issuance and custody services

by Blockworks /
article-image

BusinessThe Drop

Mastercard crypto SVP unpacks industry’s mass adoption problem

Will TradFi make crypto better or create more problems than it solves?

by Kate Irwin /
article-image

0xResearch NewsletterMarkets

Risk management is paramount

Subtle decisions by risk curators saved Aave from significant turmoil

by Luke Leasure /
article-image

BusinessDeFi

Institutional Bitcoin DeFi initiative launched on Rootstock

The new Rootstock Institutional unit aims to connect professional investors to Bitcoin-native yield and liquidity strategies anchored in BTC’s security layer

by Blockworks /
article-image

Policy

DOJ seeks forfeiture of more than $14B in bitcoin tied to global fraud ring

DOJ files record civil forfeiture against more than 127,000 BTC linked to scam activity

by Blockworks /