Berachain has executed an emergency hard fork to trap a hacker’s funds following a major breach on decentralized finance (DeFi) protocol Balancer, which saw over $128 million stolen from its V2 Composable Stable Pools.
This is done to contain the fallout from the recent Balancer V2 exploit, freezing funds linked to the attacker and coordinating a return of assets through a self-identified white-hat operator.
In a statement on X, the Bera Foundation confirmed that the hard fork binary has been distributed and many validators have already upgraded.
The chain’s liveness remains paused while the core team works with infrastructure partners to ensure stability.
“Prior to going live and producing blocks once again, we’d like to ensure that core infrastructure partners necessary for chain operations—oracles for liquidations, etc.—have updated their RPCs,” the team said.
It added that bridges, centralized exchanges, and custodians will be reconnected once the chain resumes activity.
The emergency measure comes after a severe breach at DeFi protocol Balancer earlier this week.
Berachain Executes Emergency Measure After $128M Balancer Exploit
The exploit targeted Balancer V2 Composable Stable Pools, draining over $128 million across multiple chains. Security firm PeckShield was among the first to flag the incident, calling it one of the largest DeFi exploits of the year.
The attack unfolded over several hours as the hacker manipulated Balancer’s smart contracts through a vulnerability in its authorization logic.
Analysts at Defimon Alerts and Decurity later identified the issue within the manageUserBalance function, which improperly verified user permissions.
By exploiting this oversight, the attacker was able to impersonate other users and withdraw internal balances without authorization.
On-chain data reviewed by Nansen showed suspicious transfers of wrapped Ether (WETH), osETH, and wstETH to a new wallet, followed by large-scale conversions into Ethereum.
Cyvers Alerts reported that the attacker began laundering funds through Tornado Cash shortly afterward.
While the breach was still under investigation, on-chain analyst EmberCN reported that liquid staking protocol StakeWise successfully recovered 5,041 osETH, worth roughly $19.3 million, via a contract call.
The recovery reduced total stolen assets to around $98 million, with more than half already converted to ETH.
Berachain’s swift response was intended to prevent further losses after it became one of the affected ecosystems.
Balancer Breach Tests DeFi’s Defenses as Berachain Prepares Fund Recovery
According to the foundation, an MEV bot operator, who has been active on the chain for several months, currently holds the compromised funds and has agreed to return them.
“He has indicated that he is a white hat and is willing to pre-sign a set of transactions to transfer the funds back upon the chain going live,” Berachain stated.
The team confirmed that the funds will be restored to the Berachain deployer address at 0xD276D…, and on-chain messages have been sent to verify the process.
Additionally, the Balancer exploit has intensified scrutiny of DeFi security. Despite undergoing more than ten audits by top firms, including OpenZeppelin, Trail of Bits, and Certora, Balancer’s V2 contracts were compromised.
Developer Suhail Kakar commented that repeated audits are no longer a guarantee of safety, noting that “code is hard, DeFi is harder.”
The incident adds to Balancer’s troubled security history. Since launching in 2020, the protocol has suffered multiple attacks, including a $520,000 loss due to a deflationary token vulnerability in 2020, a $2.1 million rounding error exploit in 2023, and a DNS hijack later that year.
Balancer’s total value locked has plunged from $442 million to around $213 million within a day, according to DeFiLlama data.
The post Berachain’s Emergency Hard Fork Traps Hacker, Freezing Funds From Balancer V2 Exploit appeared first on Cryptonews.
