Berally Hack
Incident Overview
On March 15, 2025, Berally (Ethereum) was hacked due to a compromised deployer key, leading to the dumping of all vesting tokens and the draining of the liquidity pool.
The attacker gained access to Berally’s deployer key, allowing them to transfer and sell vesting tokens meant for controlled distribution. This mass sell-off drained the liquidity pool, likely crashing the token price. However, the dApp contracts remain unaffected, and users were advised to revoke access from the dApp and staking contracts as a precaution.
The breach suggests either private key leakage or an internal security lapse, enabling unauthorized transactions.
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Berally, these are the critical security checks that could have prevented this incident (March 2025).
- Verify all logic paths related to Private Key Compromised (Unknown Method) / Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next Berally
The Berally hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.