Balancer Labs, the core team behind the decentralized finance (DeFi) protocol Balancer, has announced plans to wind down after a $116 million exploit that occurred in November.

 

The decision, according to CEO Marcus Hardt, was driven by the impact of the hack. Despite continuing to generate revenue, Balancer Labs’ economic model was no longer sustainable in the aftermath of the hack.

 

“We were spending too much to attract liquidity relative to what that liquidity was actually generating in revenue,” Hardt said. “We were diluting BAL holders to sustain a system that, in my view, was no longer serving the protocol well. At some point, you have to be honest about that.”

 

With Balancer Labs winding down its operations, the protocol is expected to be managed by the Balancer Foundation and its decentralized autonomous organization (DAO), an approach supported by co-founders Hardt and Fernando Martinelli. 

 

DAO members have been asked to vote on a proposal to restructure the protocol and its tokenomics. If approved, BAL emissions will end, all fees will be routed to the treasury, and the protocol’s share of swap fees will be reduced. The team size will also be cut.

 

So, while Balancer Labs, the core development team, is winding down, the protocol will continue operating under new management with a leaner structure.

 

 

The Balancer Protocol Exploit

On November 3, 2025, Balancer Protocol suffered a smart contract exploit targeting its V2 composable stable pools, resulting in the theft of significant amounts of cryptocurrency.

 

Although Balancer had a permission system in place, a bug in the smart contract allowed the attacker to bypass these controls. The attacker exploited the vulnerability to gain unauthorized access to the protocol’s shared vault system, enabling them to drain assets from multiple liquidity pools across different blockchains simultaneously.

 

The hack had a severe impact on Balancer, causing its total value locked (TVL) to drop from about $775 million to $258 million within days of the exploit, according to a report. Its native token, BAL, also fell by about 30%.

 

The shutdown of the Balancer Labs team comes weeks after crypto aggregator Step Finance announced its own shutdown following a January 31 hack that reportedly led to losses of between $26 million and $40 million from the protocol’s treasury.

 

Bunni, a decentralized liquidity protocol built on Uniswap V4, also shut down around October last year after suffering a hack that resulted in losses of about $8.4 million.

 

yETH Exploit Drains Millions, Attacker Launders Funds Through Tornado Cash

A recent exploit targeting Yearn Finance’s yETH product resulted in the theft of millions of dollars in assets, followed by a series of transfers into Tornado Cash. Blockchain analytics show that roughly 3 million dollars worth of Ethereum was funneled into the mixer shortly after the attack. The incident highlights ongoing vulnerabilities in DeFi protocols and the persistent challenge of laundering stolen funds through privacy mixing services.

 

What Happened, The yETH Exploit and Stolen ETH Flows

The attack began when a malicious actor exploited an infinite mint vulnerability in yETH, which is a liquid staking token product operated by Yearn Finance. The flaw allowed the attacker to mint an effectively unlimited supply of yETH in a single transaction. With this artificially inflated supply, the attacker was able to drain liquidity pools that held real assets, including ETH and major liquid staking tokens.

Immediately after draining the pools, the attacker began moving stolen assets through multiple wallets. On chain activity shows that large transactions flowed directly into Tornado Cash. In total, about 1,000 ETH, roughly 2.8 million dollars in value, was pushed into the mixer as part of the laundering process.

The exploit appears to be isolated to the older yETH implementation, which relied on outdated token mechanics. Yearn Finance acknowledged the situation, stating on their official X account that "We are investigating an incident involving the yETH LST stableswap pool," and that users can feel secure that  "Yearn Vaults (both V2 and V3) are not affected.".

 

Why This Attack Is Significant

Infinite Mint Vulnerabilities Remain a Critical Threat

This type of exploit is one of the most catastrophic forms of smart contract failure. When a token’s supply can be arbitrarily increased, attackers can manipulate liquidity pools, redeem inflated assets and drain valuable tokens held by real users. Even established protocols with long track records can be exposed if older code is not continuously audited and updated.

Liquidity Pools Become Fragile Under Supply Manipulation

The integrity of liquidity pools depends entirely on predictable token behavior. When a token’s supply is altered outside expected rules, the pool’s balance collapses instantly. This creates massive losses for users who provided liquidity and may trigger wider liquidity crises across DeFi platforms that rely on interconnected pools.

Mixers Are Still the Tool of Choice for Laundering

The attacker quickly sent stolen ETH to Tornado Cash, which remains a primary method for obscuring stolen funds. Despite regulatory scrutiny and sanctions, mixers continue to attract hackers because they allow for rapid, high volume anonymization. This pattern is consistent with previous DeFi exploits and exchange hacks, where mixers are used almost immediately after funds are stolen.

 

A Pattern That Repeats Across DeFi

The combination of an exploit followed by a mixer transfer has become predictable. Major hacks from past years have shown the same behavior. An attacker identifies a flaw, drains assets, splits them among multiple wallets and launders them through a mixing protocol. This cycle reinforces two critical realities, DeFi is still highly vulnerable, and laundering infrastructure remains robust enough for attackers to operate with confidence.

Until more advanced detection systems, stronger audits and better economic modeling become the standard, similar vulnerabilities will continue to be exploited.

 

Implications for DeFi Security and Governance

Even reputable projects with long track records must prioritize frequent, thorough audits, especially for older token contracts. Legacy code is often the weakest link.

Mechanisms that detect abnormal supply changes, enforce withdrawal limits or restrict redemptions during anomalies should be incorporated into liquidity pool architecture. Economic safety modeling must complement smart contract audits.

DeFi users often underestimate the risk of providing liquidity or staking in complex protocols. No audit or reputation fully eliminates risk. Users must diversify exposure and treat yield opportunities with caution.

With Tornado Cash and similar services repeatedly used for laundering, regulators may push for more enforcement actions. This increases pressure on privacy tools, but it also highlights the need for decentralized privacy solutions that cannot be misused as easily.

 

Final Thoughts

The Yearn yETH exploit and subsequent laundering through Tornado Cash are the latest reminders that DeFi, while innovative, remains structurally fragile. As ecosystems grow more interconnected and protocol complexity increases, so does the risk of catastrophic failures.

For DeFi to become a trusted global financial system, it must adopt stronger audits, safer economic design and better user protections. Until then, the space will continue to experience painful setbacks where millions are lost and trust is shaken.

 

This incident reinforces a simple truth, decentralization does not remove the need for rigorous security. It amplifies it.

 

Stay Connected

You can stay up to date on all News, Events, and Marketing of Rare Network, including Rare Evo: America’s Premier Blockchain Conference, happening  July 28th-31st, 2026 at The ARIA Resort & Casino, by following our socials on X, LinkedIn, and YouTube.