Berachain, a high-performance EVM-compatible Layer 1 blockchain, executed an emergency hard fork following a critical exploit linked to Balancer V2’s smart contract vulnerability. The attack, which originated on Balancer’s Ethereum deployment, cascaded into forked versions such as Berachain’s native DEX, BEX, forcing validators to halt the entire network and coordinate a chain-level rollback to safeguard funds.
The Berachain hard fork marks another serious DeFi infrastructure crisis of 2025, exposing how shared open-source codebases can transmit risk across ecosystems.
A Fork Inherited Vulnerability
The exploit stemmed from a long-standing bug in Balancer V2’s Vault contract, specifically within the manageUserBalance function. A faulty access check allowed malicious actors to perform unauthorised internal withdrawals. Though Balancer had disclosed the flaw in January 2025, not all forks (including BEX) had patched it, leaving them vulnerable.
On Berachain, the vulnerability was exploited via a complex smart contract transaction targeting the Ethena/Honey tripool, draining liquidity from non-native assets including WETH, osETH, and wstETH. The attacker bypassed internal checks, effectively redirecting assets from liquidity providers (LPs) to newly created addresses.
Preliminary analysis tied the exploit to three Ethereum wallets, collectively holding over $100 million in stolen assets across the Balancer ecosystem. Berachain’s exposure accounted for roughly $12 million, primarily concentrated in the tripool contracts on BEX.
Impact on Berachain and Ecosystem Projects
The incident’s immediate fallout was severe for Berachain and other Balancer-derived protocols.
- An estimated $12 million in assets on Berachain were compromised.
- 6.85K osETH, 6.59K WETH, and 4.26K wstETH drained from liquidity pools.
- Forks like Beets.fi paused operations for code review, while Berachain’s lending and staking markets suspended activity.
The BAL token fell 5% following the news, while BERA’s market reaction remains unclear, though the network halt likely contributed to short-term volatility.
The event challenges Berachain’s Proof-of-Liquidity (PoL) model (designed to align liquidity incentives with network health) highlighting the trade-off between composability and security.
Response and Emergency Hard Fork
Within hours of detection, Berachain’s validators coordinated a network halt to contain the breach. The action, though controversial, prevented further loss and enabled time to design a recovery fork.
Key Response Measures:
- Validators paused block production to isolate the exploit.
- The Ethena team halted bridging out of Berachain.
- Deposits for USDₑ and HONEY mints/redeems were paused.
- Addresses associated with the hack were blacklisted.
The Berachain hard fork was then initiated to implement state corrections and recover user funds. Because the exploit affected non-native assets, the rollback required intricate slot refactoring, not a simple state overwrite.
Official Statements:
- The Berachain Foundation confirmed that the halt was “executed purposefully” to protect LPs while recovery operations took place.
- Smokey The Bera, a key community figure, praised the validator set’s rapid coordination, crediting external teams such as Ethena, Relay, LZ Hypernative, SEAL 911, and Zeroshadow for their response support.
Timeline of Events
- Jan 21, 2025: Balancer discloses the V2 Vault vulnerability.
- Nov 3, 2025 (09:18 UTC): Exploit detected and reported by HashDit.
- Nov 3, 2025 (10:11 UTC): Berachain announces network halt and emergency hard fork.
- Nov 3, 2025 (10:38 UTC): Smokey The Bera confirms validator coordination and asset freezes.
- Ongoing: Attacker wallets under active trace; network recovery and retro report pending.
Implications for DeFi
The Berachain hard fork has reignited debate over decentralisation and emergency controls in DeFi Layer 1s. While some users praised the swift validator coordination for protecting funds, others argued that the halt underscored a centralised response model.
Disclaimer: This article is for informational purposes only and reflects available data as of writing on 3 November 2025. It does not constitute financial, legal, or investment advice. Always verify information independently and exercise caution when interacting with DeFi protocols.
