Hackers pilfered millions of dollars worth of cryptocurrency on Monday from the decentralized finance protocol Balancer. 

Estimates varied but most blockchain security firms tracked more than $120 million in losses. At least $99 million of the stolen funds were in ETH.

A mainstay in the DeFi industry, Balancer initially said it is aware of the exploit and is investigating it. Cryptocurrency security experts said the incident was traced back to faulty access control mechanisms that were compromised by the attackers.

By Monday afternoon, the company released a longer message explaining the incident began in the early morning.

“Any pools that could be paused have been paused and are now in recovery mode,” the company said, noting that it has ties to several other crypto platforms that they could not unilaterally pause. 

“Balancer is committed to operational security, has undergone extensive auditing by top firms, and had bug bounties running for a long time to incentivize independent auditors. We are working closely with our security and legal teams to ensure user safety and are conducting a swift & thorough investigation.”

They are still working with experts to examine what happened and plan to release a post-mortem at some point.

Balancer warned users that fraudulent messages claiming to be from the company’s security team are circulating and should not be interacted with.

Several other blockchain organizations tied to Balancer announced efforts to address the incident. The Berachain Foundation said it halted its network as its team took emergency measures to protect user assets. The organization was able to freeze some funds stolen from its platform. Other crypto platforms like Gnosis, Sonic, Beefy and others have taken similar measures. 

Balancer has had several minor security incidents in the past but had been audited about 10 times by blockchain security firms. 

Last week, hackers stole about $10.8 million from another DeFi platform called Garden Finance.

More than $2 billion in cryptocurrency was stolen by hackers in the first half of 2025, according to the blockchain security firm Chainalysis. 

Most of the funds were stolen by hackers allegedly connected to North Korea’s government — which has made crypto theft a key source of revenue for its ballistics missile program. 

A report released last week by the governments of the U.S., France, Germany, Japan and others said North Korea was responsible for stealing at least $1.65 billion in cryptocurrency from January to September 2025.