Crypto NewsSecurity

Berachain hard fork. Emergency response after Balancer exploit

Berachain, a high-performance EVM-compatible Layer 1 blockchain, executed an emergency hard fork following a critical exploit linked to Balancer V2’s smart contract vulnerability. The attack, which originated on Balancer’s Ethereum…

berachain hard fork

Berachain, a high-performance EVM-compatible Layer 1 blockchain, executed an emergency hard fork following a critical exploit linked to Balancer V2’s smart contract vulnerability. The attack, which originated on Balancer’s Ethereum deployment, cascaded into forked versions such as Berachain’s native DEX, BEX, forcing validators to halt the entire network and coordinate a chain-level rollback to safeguard funds.

The Berachain validators have coordinated to purposefully halt the Berachain network as the core team performs an emergency hard fork to address Balancer V2 related exploits on the BEX.

This halt has been executed purposefully, and the network will be operational shortly upon…

— Berachain Foundation 🐻⛓ (@berachain) November 3, 2025

The Berachain hard fork marks another serious DeFi infrastructure crisis of 2025, exposing how shared open-source codebases can transmit risk across ecosystems.

A Fork Inherited Vulnerability

The exploit stemmed from a long-standing bug in Balancer V2’s Vault contract, specifically within the manageUserBalance function. A faulty access check allowed malicious actors to perform unauthorised internal withdrawals. Though Balancer had disclosed the flaw in January 2025, not all forks (including BEX) had patched it, leaving them vulnerable.

On Berachain, the vulnerability was exploited via a complex smart contract transaction targeting the Ethena/Honey tripool, draining liquidity from non-native assets including WETH, osETH, and wstETH. The attacker bypassed internal checks, effectively redirecting assets from liquidity providers (LPs) to newly created addresses.

Preliminary analysis tied the exploit to three Ethereum wallets, collectively holding over $100 million in stolen assets across the Balancer ecosystem. Berachain’s exposure accounted for roughly $12 million, primarily concentrated in the tripool contracts on BEX.

As context, the exploit primarily affected the Ethena/Honey tripool through a relatively complicated smart contract transaction.

Given that it affected non-native assets (not just BERA), the rollback/rollforward involves more than a simple hardfork, hence the halt as a full…

— Berachain Foundation 🐻⛓ (@berachain) November 3, 2025

Impact on Berachain and Ecosystem Projects

The incident’s immediate fallout was severe for Berachain and other Balancer-derived protocols.

  • An estimated $12 million in assets on Berachain were compromised.
  • 6.85K osETH, 6.59K WETH, and 4.26K wstETH drained from liquidity pools.
  • Forks like Beets.fi paused operations for code review, while Berachain’s lending and staking markets suspended activity.

The BAL token fell 5% following the news, while BERA’s market reaction remains unclear, though the network halt likely contributed to short-term volatility.

The event challenges Berachain’s Proof-of-Liquidity (PoL) model (designed to align liquidity incentives with network health) highlighting the trade-off between composability and security.

Response and Emergency Hard Fork

Within hours of detection, Berachain’s validators coordinated a network halt to contain the breach. The action, though controversial, prevented further loss and enabled time to design a recovery fork.

Key Response Measures:

  • Validators paused block production to isolate the exploit.
  • The Ethena team halted bridging out of Berachain.
  • Deposits for USDâ‚‘ and HONEY mints/redeems were paused.
  • Addresses associated with the hack were blacklisted.

The Berachain hard fork was then initiated to implement state corrections and recover user funds. Because the exploit affected non-native assets, the rollback required intricate slot refactoring, not a simple state overwrite.

Official Statements:

  • The Berachain Foundation confirmed that the halt was “executed purposefully” to protect LPs while recovery operations took place.
  • Smokey The Bera, a key community figure, praised the validator set’s rapid coordination, crediting external teams such as Ethena, Relay, LZ Hypernative, SEAL 911, and Zeroshadow for their response support.

The Bera validator set has purposefully halted the chain to prevent the Balancer exploit which affected the BEX, primarily the USDe tripool.

– Got Ethena team to disable bridging out of Bera
– Had lending markets disable / pause deposits for USDe
– Paused HONEY mints / redeems
-… https://t.co/g9TQu6qzOA

— Smokey The Bera 🐻⛓ (@SmokeyTheBera) November 3, 2025


Timeline of Events

  • Jan 21, 2025: Balancer discloses the V2 Vault vulnerability.
  • Nov 3, 2025 (09:18 UTC): Exploit detected and reported by HashDit.
  • Nov 3, 2025 (10:11 UTC): Berachain announces network halt and emergency hard fork.
  • Nov 3, 2025 (10:38 UTC): Smokey The Bera confirms validator coordination and asset freezes.
  • Ongoing: Attacker wallets under active trace; network recovery and retro report pending.

Implications for DeFi

The Berachain hard fork has reignited debate over decentralisation and emergency controls in DeFi Layer 1s. While some users praised the swift validator coordination for protecting funds, others argued that the halt underscored a centralised response model.

⚠️ See more hacks on our Exploit Tracker Latest from 2025 · Read, search & analyse

Disclaimer: This article is for informational purposes only and reflects available data as of writing on 3 November 2025. It does not constitute financial, legal, or investment advice. Always verify information independently and exercise caution when interacting with DeFi protocols.

From the YFarmX archive · originally published on the previous site