Berachain, an EVM-identical Layer-1 blockchain, and its native DEX, BEX, suffered a major exploit that forced it to halt network operations and initiate an emergency hard fork on Monday, November 3, 2025. However, all is not grim for the blockchain, as the supposed hacker is now in talks with the team about returning the “stolen funds” upon the chain going live. The network, which integrates Balancer V2 code in its exchange protocol, was among several ecosystems affected by a vulnerability that rippled across multiple chains on Monday. The whole drama started when the Berachain team confirmed in a post on X that it was “aware of the ongoing Balancer exploit for the past 45 minutes” and had taken “precautions to avoid any potential damage to the Berachain ecosystem, especially the BEX.” The foundation also added that they had suspended HONEY minting and paused activity across BEX pools and vaults, assuring users that updates would follow. Emergency measures and technical intervention Shortly after its first announcement on the matter, the Berachain Foundation revealed that network validators had “coordinated to purposefully halt the Berachain network” to allow the core team to conduct an “emergency hard fork” which was going to address the vulnerabilities linked to Balancer V2 contracts. According to Berachain’s posts , the exploit primarily affected the Ethena/HONEY tripool via a “relatively complicated smart contract transaction,” affecting both BERA and non-native assets. The foundation noted that the rollback and recovery process involved “more than a simple hard fork,” meaning the chain operations will be completely halted until a permanent fix is finalized. A few hours later, the Berachain team announced that it had distributed the binary for the hard fork, adding that “many of the validators have upgraded.” It also added, “Prior to going live and producing blocks once again, we’d like to ensure that core infrastructure partners necessary for chain operations (oracles for liquidations etc) have updated their RPCs, so at this point they will be our main blocker to resuming liveness.” The Balancer-linked exploit compromised about $128 million in digital assets across several Ethereum-compatible chains. White hat negotiations and fund recovery In a development that could mark a fortunate turn in the crisis, Berachain said it is in conversation with a “MEV bot operator” who currently holds the compromised BEX funds. The individual reportedly indicated that he is a white hat hacker and “is willing to pre-sign a set of transactions to transfer the funds back upon the chain going live,” according to Berachain’s latest post on X . “In accordance with our communications with the whitehat,” the foundation wrote, “we’re confirming that funds should be returned to 0xD276D30592bE512a418f2448e23f9E7F372b32A2, the Berachain deployer address.” The address has also broadcast on-chain messages confirming that the procedure should be followed. Berachain’s post included links to Ethereum transactions that indicate intent to return the assets once the hard fork is complete. Losses and lessons for the Berachain ecosystem The past day has tested Berachain’s capacity for crisis response. According to PeckShieldAlert , Berechain lost $12.86 million, which makes the foundation’s rapid coordination with validators and infrastructure providers very necessary, as chances were very high that it would have suffered greater losses. The event also raises questions about the safety of ecosystems that are built on forked or imported code. Analysts note that the Balancer-linked vulnerability may prompt a new wave of audits across decentralized exchanges and liquidity protocols modeled after the Balancer framework, as some, like Berachain, still have to wait on Balancer to release a long-term risk mitigation approach in the near future. Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
