Berachain on Standby: Emergency Hard Fork Complete, Liveness Awaits
The Berachain Foundation has reported significant headway in its emergency hard fork to combat a vulnerability in its native Decentralized Exchange (DEX), BEX, a fork of the broader Balancer V2 architecture.
Crucially, the Foundation is in talks with a self-proclaimed “white hat” MEV bot operator who holds the majority of the drained funds and has signaled a willingness to return the assets.
The news comes after Berachain validators coordinated a network halt on Monday, Nov. 3, to address the exploit, which originated from a security flaw in Balancer V2 pools that has led to estimated cross-chain losses of approximately $128 million.
Funds Recovery Hinges on White Hat Hacker
The most compelling detail for the community is the ongoing communication with the holder of the roughly $12 million drained from BEX’s liquidity pools, primarily the “Ethena/Honey tripool.”
The “white hat” MEV bot operator has reportedly committed to pre-signing transactions to return the funds once the Berachain network is fully operational again. The recovery of these non-native assets is a primary objective of the emergency response.
On-chain messages made by Berachain Foundation to the exploiter (Source: Etherscan)
Emergency Hard Fork and Network Resumption Blockers
The network halt was deemed a “contentious but necessary” measure by Smokey The Bera, co-founder of Berachain, and endorsed by on-chain investigator ZachXBT to safeguard user deposits.
The Foundation confirmed late Monday that the hard fork binary has been distributed to validators, many of whom have successfully completed their upgrades. This new binary is designed to prevent the movement of exploited tokens off the network and block future attacks on Berachain.
However, the main obstacle to resuming liveness and block production remains. The Foundation stated, “Prior to going live… we’d like to ensure that core infrastructure partners necessary for chain operations… have updated their RPCs, so at this point they will be our main blocker to resuming liveness.”
Root Cause and Broader Exploit Context
The need for this drastic action stems from a massive, multi-chain exploit targeting Balancer V2. Blockchain analytics firm Nansen attributed the original vulnerability to a faulty access-control mechanism.
That mechanism was allegedly exploited to fabricate fees and convert them into withdrawable real assets, with the process executed via two Ethereum transactions in a mere 90 seconds.
Because BEX is a fork of Balancer V2, it inherited this flaw, which led to the approximately $12 million drain. The Foundation noted that since the exploit affected non-native assets (not just BERA), the process required for the network rollback/rollforward was more complex than a “simple hardfork,” thus justifying the full halt to finalize a robust solution.
Once the chain is live, the Foundation has committed to providing a comprehensive rundown of all implemented safety measures across BEX and core apps, alongside future-facing plans for the DEX following the incident.
