Ethereum News Update: 11 Security Reviews, $128 Million Gone—The DeFi Audit Dilemma Unveiled

StakeWise DAO has reported the successful retrieval of 5,041 osETH and 13,495 osGNO from the

attacker, representing a partial recovery following a major breach that saw over $128 million siphoned from the decentralized finance (DeFi) platform, as detailed in a . This exploit, which targeted Balancer’s V2 Composable Stable Pools, has reignited debate over the reliability of smart contract audits and security measures within the crypto sector, according to a .

The breach, initially disclosed on November 3, involved a complex manipulation of Balancer’s liquidity pools. The attacker exploited token invariants—mathematical principles that regulate token exchanges—to secure advantageous rates and withdraw funds, DLNews reported. Despite having undergone 11 audits by leading firms such as OpenZeppelin, Trail of Bits, Certora, and ABDK since 2021, the platform’s smart contracts were still compromised, as outlined in a

. Suhail Kakar, a blockchain developer at TAC, pointed out the shortcomings of repeated audits, remarking, "The vault was audited three times by different companies and still lost $110M. The industry must recognize that 'audited by X' offers little assurance. Coding is challenging, and DeFi is even more so."

Balancer clarified that the incident was "limited to V2 Composable Stable Pools" and did not impact V3 or other pools, according to Cointelegraph. Nevertheless, the exploit affected several blockchains, including

, Base, Polygon, and , with Ethereum suffering the largest losses, DLNews noted. The perpetrator has since deployed new contracts and custom tokens, fueling concerns about a continuing series of attacks, DLNews added.

The recovery of osETH and osGNO—tokens representing staked Ethereum—by StakeWise highlights the possibility of reclaiming some assets after such breaches, Weex reported. However, the DAO’s achievement does not allay wider fears about DeFi’s susceptibility to invariant manipulation, where attackers exploit pricing formulas to empty liquidity pools, DLNews observed.

This event highlights a persistent issue in crypto security: even with increased spending on audits and bug bounty programs, advanced exploits continue to target complex code. By November 2025, losses from crypto-related breaches had already surpassed $2.2 billion for the year, according to DLNews. Experts emphasize that comprehensive security approaches, including proactive monitoring and community-led response systems, may be essential to counteract emerging risks.