DEX

Balancer issued a preliminary incident report on the November 3 exploit that drained over $128 million from Composable Stable Pools across nine networks. The protocol identified a rounding flaw in its v2 vault's batchSwap feature as the root cause, which attackers exploited to manipulate pool balances and extract value. Balancer v3 and other pool types remained unaffected.

Balancer confirmed on November 5 that a rounding error in V2 Composable Stable Pools enabled the $128 million exploit that occurred on November 3. The vulnerability allowed attackers to manipulate batch swaps and drain funds across Ethereum, Base, Polygon, Arbitrum, Optimism, Sonic, and Avalanche. White-hat teams have recovered $33 million to date, while Balancer's Total Value Locked declined 58% from $442.96 million to $186.09 million between November 3 and November 7.

Decentralized finance protocols are implementing token buyback strategies similar to corporate share repurchases. Jupiter, dYdX, and Aave have launched programs allocating portions of their revenue to purchase tokens from open markets. The initiatives aim to reduce circulating supply and demonstrate financial health while rewarding long-term holders.

Suilend has paused all deposits and withdrawals in its Elixir Isolated Market and contacted the Elixir team demanding immediate loan repayment. The move follows Stream Finance's disclosure of approximately $93 million in losses through an external fund manager. Elixir maintains it holds full redemption rights at $1 with Stream for its lending position.

The decentralized exchange token ASTER declined more than 20% within 24 hours, reversing gains that emerged after Binance founder Changpeng Zhao disclosed a purchase. A trader identified as the "Anti-CZ Whale" accumulated over $21 million in unrealized profit by maintaining short positions on the token across two wallets, according to on-chain data.

Berachain has finalized an emergency hard fork following a $12 million exploit on its BEX decentralized exchange traced to a Balancer V2 vulnerability. The network remains halted as infrastructure partners update their systems. The Foundation is negotiating with a self-identified white hat MEV bot operator holding the majority of drained funds who has indicated willingness to return the assets.

FTSE Russell has partnered with Chainlink to publish equity and digital asset indices across more than 40 blockchains using Chainlink's DataLink platform. The collaboration delivers institutional-grade benchmark data, including the Russell 1000, Russell 2000, and FTSE 100, directly into decentralized ecosystems. The indices represent over $18 trillion in assets under management globally.

Balancer DeFi protocol suffered an exploit on November 3, 2025, with estimated losses ranging from $100 million to $120 million. The attack targeted V2 Composable Stable Pools, while V3 remained unaffected. Early analysis suggests the vulnerability traces back to a similar rounding error first identified in August 2023.

Independent DeFi researchers have identified approximately $285 million in potential cross-protocol exposure linked to Stream Finance's $93 million loss. The exposure spans seven blockchain networks and involves multiple lending markets. Elixir's deUSD holds the largest single position at $68 million in USDC loans to Stream, constituting roughly 65% of deUSD's total backing.

Berachain Foundation deployed an emergency hard fork binary to validators following a $12 million exploit on its native decentralized exchange BEX. The network suspended operations after a Balancer V2 vulnerability affected multiple blockchains. Validators are implementing the upgrade to prevent further asset transfers before resuming block production.