KyberSwap hacker moves 2,900 ETH worth $6.8M to Tornado Cash, echoing 2023's $47M reentrancy exploit amid bearish ETH price trends.

KelpDAO suffers $292M DeFi exploit, raising questions on sector future amid ETH price volatility at $2324.47 and bearish MACD signals.

KelpDAO suffers $294M exploit as attacker mints 116,500 RSETH, borrows 106,467 ETH amid DeFi security risks and crypto market volatility.

KelpDAO exploiter deposits stolen rsETH into AaveV3, CompoundV3, Euler, borrowing over $236M in WETH amid DeFi exploit details and crypto market volatility.

According to @OnchainLens, a victim lost $50M in USDT in an address poisoning attack (source: @OnchainLens). @OnchainLens reports the attacker swapped the stolen USDT for DAI, moved funds to another wallet, then swapped for ETH before routing the proceeds through Tornado Cash (source: @OnchainLens). The victim wallet 0xcb80784ef74c98a89b6ab8d96ebe890859600819 and thief wallets 0xbaff2f13638c04b10f8119760b2d2ae86b08f8b5 and 0x9da061291e11dad806d68c20730c516c34a17b9b are identified by @OnchainLens and can be verified on Etherscan transaction records (sources: @OnchainLens, Etherscan). Traders can monitor these addresses on Etherscan to track any further swaps or transfers that could affect USDT, DAI, and ETH on-chain liquidity as flagged by @OnchainLens (sources: Etherscan, @OnchainLens).

According to @EmberCN, the address linked to the Balancer exploit swapped ETH LST tokens and other non-ETH assets into ETH, then deposited 2,000 ETH (about $6.36 million) into Tornado Cash within the past hour; this activity is visible on-chain. source: x.com/EmberCN/status/1989550291327525232, source: etherscan.io/address/0x0e9c9473d0c504da72763426719f6f03a15544d5 On-chain records for 0x0e9c9473d0c504da72763426719f6f03a15544d5 show multiple deposits to Tornado Cash contracts totaling 2,000 ETH in a one-hour window, indicating active obfuscation of funds. source: etherscan.io/address/0x0e9c9473d0c504da72763426719f6f03a15544d5 @EmberCN adds that moving the stolen ETH through Tornado Cash likely signals the actor is not pursuing a white-hat bounty pathway that would involve returning funds. source: x.com/EmberCN/status/1989550291327525232 For traders, Tornado Cash usage aligns with patterns seen in crypto hacks where mixers are used to launder stolen assets, complicating tracing and recovery; this typically heightens risk perception for related tokens and pools. source: home.treasury.gov/news/press-releases/jy0916, source: blog.chainalysis.com/reports/crypto-crime-mid-year-update-2022-mixers Monitor BAL, Balancer-related pools, and further outflows from the flagged address for potential liquidity shifts and on-chain sell pressure signals tied to the exploit. source: x.com/EmberCN/status/1989550291327525232, source: etherscan.io/address/0x0e9c9473d0c504da72763426719f6f03a15544d5

According to the source, Balancer issued a final onchain warning to the address linked to a reported exploit and offered a bounty for the return of funds, indicating an active negotiation attempt to recover assets (source: the source). Historical DeFi exploit episodes have typically led to rapid TVL outflows, native token drawdowns, and liquidity dislocations that traders can track via DeFiLlama for TVL and Etherscan for pool and attacker address movements (sources: Chainalysis 2024 Crypto Crime Report; DeFiLlama; Etherscan). White-hat bounty negotiations and partial fund returns are a documented path to damage control and risk reduction in exploit situations, so market participants should monitor Balancer’s official announcements and onchain messages for any confirmation or fund return updates (sources: Immunefi 2024 Web3 Security Report; Balancer official channels; Etherscan).

According to @stonecoldpat0, it is a sad day for DeFi and he hopes the hacker cooperates and returns the funds (source: @stonecoldpat0 on X, Nov 3, 2025). The post signals a DeFi security incident but provides no details on the affected protocol, chain, assets, amount, or resolution timeline, limiting trade-specific visibility at this time (source: @stonecoldpat0 on X, Nov 3, 2025). For traders, the absence of identifiers or on-chain references means elevated uncertainty for DeFi risk sentiment until official or on-chain confirmations are released (source: @stonecoldpat0 on X, Nov 3, 2025).

According to @PANewsCN, the GoPlus Chinese Community warned that all DeFi protocols forked from Balancer are affected by a Balancer vulnerability and that several protocols have already been attacked, advising users to stop interacting and withdraw assets immediately, source: GoPlus Chinese Community on X and PANewsCN on X, Nov 3, 2025. The alert also instructs users to consult the Balancer fork list on the DefiLlama website to identify exposure before taking action, source: GoPlus Chinese Community on X and PANewsCN on X, Nov 3, 2025.

According to @ai_9684xtpa, legacy DeFi protocol Balancer has suffered theft exceeding 116 million dollars, with the overall impact still uncertain and potential knock-on effects to other DeFi protocols flagged by the author; source: @ai_9684xtpa. The alleged attacker address for on-chain tracking is listed at intel.arkm.com/explorer/entity/6c16da4c-86c3-4fa4-8075-c78f963e3274; source: @ai_9684xtpa and Arkham Intel. Traders should monitor BAL price action, Balancer pool liquidity, and flows from the cited attacker address given the reported uncertainty about broader impact; source: @ai_9684xtpa and Arkham Intel.

According to @PANewsCN, the Balancer DeFi protocol is facing an ongoing multi-chain exploit with cumulative losses estimated at about $88 million, based on live monitoring by PeckShieldAlert on X dated Nov 3, 2025. According to PeckShieldAlert, attacker-linked wallets continue moving assets across multiple chains as the incident remains active, with the reported loss figure reflecting cross-chain transfers tied to the exploit. Given PeckShieldAlert’s ongoing updates that the exploit is still in progress, traders can monitor BAL and Balancer-related pool assets for further on-chain movements using PeckShield’s alerts, per @PANewsCN.

According to the source, a social post reports that Balancer was hit by a $70M exploit draining osETH, WETH, and wstETH from liquidity pools, with BAL down about 5% and concerns about laundering flows (source: user-provided X post). Independent confirmation is not provided here; traders should verify any exploit disclosures via Balancer’s official X account and community forum, and corroborate large transfers on-chain via Etherscan before taking positions (source: Balancer official channels; Etherscan). Until confirmation, consider de-risking exposure to affected Balancer pools, tighten slippage on DEX routes touching osETH/WETH/wstETH, and monitor BAL spot-liquidity, futures funding, and open interest for stress signals (source: standard DeFi incident risk-management practices).

According to @PeckShieldAlert, Balancer has been drained of approximately $70.8 million in crypto, including 6,851.12 osETH (~$27M), 6,587.44 WETH (~$24.5M), and 4,259.84 wstETH (~$19.3M) (source: @PeckShieldAlert on X, Nov 3, 2025). The alert identifies osETH, WETH, and wstETH as the impacted assets on Balancer, enabling traders to assess direct exposure in related pools and positions following the report (source: @PeckShieldAlert on X, Nov 3, 2025). By dollar value, osETH is the largest share of the reported drain (~$27M), followed by WETH (~$24.5M) and wstETH (~$19.3M), which can inform the priority of risk checks for ETH-linked token markets (source: @PeckShieldAlert on X, Nov 3, 2025).

According to @PANewsCN, decentralized trading protocol Bunni has formally shut down following a recent security exploit and a funding shortfall. source: https://x.com/bunni_xyz/status/1981160279871558114 https://twitter.com/PANewsCN/status/1981190491577471240 Bunni stated that relaunching would require six to seven figure spending on audits and monitoring plus long development and business cycles, leading the team to close the protocol. source: https://x.com/bunni_xyz/status/1981160279871558114 Users can still withdraw assets from the official website. source: https://x.com/bunni_xyz/status/1981160279871558114 The remaining treasury will be distributed based on a snapshot to BUNNI, LIT, and veBUNNI holders, excluding team members, with details to be released after legal procedures conclude. source: https://x.com/bunni_xyz/status/1981160279871558114 https://twitter.com/PANewsCN/status/1981190491577471240 Bunni v2 contracts have switched from BUSL to an MIT open-source license, and the team said it will continue assisting law enforcement to recover stolen funds. source: https://x.com/bunni_xyz/status/1981160279871558114

According to the source, approximately $1.2 million was drained from the Seedify cross-chain bridge in an attack attributed to North Korean hackers, elevating counterparty and bridging risk for SFUND exposure; source: https://decrypt.co/341076/north-korean-hackers-drain-1-2m-from-seedify-bridge. For trading impact, monitor SFUND order books, bridge status updates, and on-chain flows because DPRK-linked groups have historically targeted DeFi bridges and laundered proceeds via mixers, which can pressure liquidity and widen spreads in the short term; source: https://blog.chainalysis.com/reports/north-korea-crypto-hacks-2023/.

According to the source, a wallet reportedly lost 6.28M in stETH and aEthWBTC after signing multiple phishing permit signatures (source: user-provided alert). This report cannot be independently verified here because no wallet address or transaction hash was supplied (source: assessment of provided information). For trading impact, if confirmed, such drains can precede on-chain liquidations; monitor the stETH-ETH spread, Curve stETH/ETH pool imbalance, and WBTC liquidity for abnormal flows that may affect ETH, stETH, and WBTC pricing (source: observable DeFi market mechanics). Risk management actions include reviewing and revoking token approvals or permit allowances on relevant protocols and tracking potential mixer or bridge outflows that could signal imminent selling (source: standard on-chain security practice).

According to @PeckShieldAlert, the NGP token from NewGold Protocol was exploited for approximately $2 million. NGP dropped 88% within one hour, @PeckShieldAlert reported. The exploiter deposited 443.8 ETH of the stolen funds into Tornado Cash, @PeckShieldAlert reported. Traders should note the extreme price drawdown and the transfer route to Tornado Cash as reported by @PeckShieldAlert.

According to @EmberCN, the Radiant Capital exploit wallet sold 4,326 ETH for 20.475M DAI in the past hour, indicating continued ETH-to-DAI conversion activity (source: @EmberCN on X). Since selling began two days ago, the wallet has offloaded a total of 9,631 ETH for 43.937M DAI at an average execution price of $4,562 (source: @EmberCN on X). The address now holds 12,326 ETH plus 43.937M DAI, with a combined value of approximately $102M (source: @EmberCN on X). The assets tied to last year’s theft were valued at $53M at the time, providing context for the current realized and remaining balances (source: @EmberCN on X).

According to @PeckShieldAlert, 58.2 BTC (about $7 million) were drained from the Odin GodOfRunes platform, source: @PeckShieldAlert. The attackers added liquidity using SATOSHI, artificially inflated the token price, and then removed liquidity to receive BTC returns, source: @PeckShieldAlert. Attacker addresses were disclosed in the alert, source: @PeckShieldAlert.

According to @EmberCN, the hacker involved in the recent GMX exploit has now laundered the 1,700 ETH ($5 million) white-hat bounty using the Tornado Cash mixer. This event marks the conclusion of the security incident where the attacker initially stole assets worth $42 million, which appreciated to $45 million due to the rise in Ethereum's (ETH) price, as cited by the source. The source reports that the hacker returned $40 million of the assets to GMX, with the protocol covering the remaining $2 million loss. The exploiter ultimately walked away with the $5 million bounty, an outcome that could influence trader sentiment regarding GMX's security resolution process and the ongoing risks associated with DeFi protocols.