• Berachain halted its network and initiated an emergency hard fork after a major exploit targeting its BEX platform.
• The attacker, a known MEV bot operator, claims to be a white hat and plans to return funds once the chain resumes.
• The exploit was linked to a vulnerability in Balancer V2 code, impacting multiple blockchains.

Berachain, which is EVM-compliant and a Layer-1 blockchain, had a serious security issue on November 3, 2025. This is because its internal decentralized exchange platform, named BEX, suffered a massive exploit attack. This resulted in the blockchain halting its services and proceeding to have an emergency hard fork.

Despite the setback, the situation could have a bright ending. The individual involved in the exploit, who argues that he or she is a white hat hacker, is currently in intense negotiations with the Layer-1 blockchain team to get back the money as soon as the chain goes back to normal.

Berachain Pauses Chain Amid Balancer Exploit

This problem originated with a vulnerability associated with Balancer V2 code, the technology that is also used in the BEX trading platform. More than one blockchain with such code is affected on the same day.

As soon as the exploit got underway, Berachain quickly announced on X that it had been made aware of the Balancer exploit and that it had taken measures to ensure the security of the liquidity pools on BEX. The team immediately paused the minting of HONEY tokens and halted all activities on the BEX vaults and pools.

Shortly thereafter, the Berachain Foundation stated that there had been a meeting of the validators to consciously stop the chain. This is to allow the critical hard fork to be implemented to correct the issue with the Ethena/HONEY tripool that had been targeted through a complex smart contract transaction.

“The team verified that the updated code had been distributed to the validators and that many had already installed it,” they wrote. “But the network will only reboot once the underlying critical infrastructure, such as oracles for liquidations, has finished their upgrade cycles.”

Overall, the Balancer exploit has affected over $128 million worth of assets. This is related to the Ethereum-based ecosystems.

Berachain’s direct loss due to the incident: Approximately $12.86 million, as per blockchain security firm PeckShieldAlert.

Also Read | BlackRock Expands Crypto Investment with Bitcoin ETF Launch in Australia

MEV Bot Saves Berachain Assets

A surprise update changed the dynamics. Berachain announced that the individual who exploited the funds, a famous MEV bot operator, got in touch, saying they were a “white hat” looking to uphold the integrity of the network.

The individual is willing to return the assets through pre-signed transactions that will be executed as soon as the chain is live again.

The foundation confirmed that “all recovered funds will be transferred to the Berachain deployer address”: 0xD276D30592bE512a418f2448e23f9E7F372b32A2. On-chain messages and posts about the transactions support the plan to recover the tampered-with assets.

This crisis constitutes one of the largest stresses on the Layer-1 blockchain network. While the quick reactions have led to less damage not being inflicted, one thing is evident, and makes one concerned: “ protocols that use forked or imported code may be exposed to shared risks.”

It is expected that many decentralized exchanges and liquidity platforms developed with Balancer-like solutions will soon undergo new audits and upgrades.

At this point in time, Berachain’s focus is still on the successful completion of the hard fork and restoring their network to functioning order with users’ funds intact.

Also Read | Balancer Hack Update: With $19.3 Million Recovery, Reducing Major Losses