A tiny rounding error buried deep within Balancer’s smart-contract code has triggered one of the largest DeFi exploits of 2025, draining more than $128 million from its Composable Stable Pools (CSPs) across multiple blockchains.
The attack began on November 3 at 07:46 UTC, first detected by Hypernative’s automated monitoring system. Minutes later, Balancer confirmed an active exploit affecting its V2 Composable Stable Pools deployed on Ethereum, Base, Arbitrum, Avalanche, Optimism, Gnosis, Polygon, Berachain, and Sonic.
Notably, Balancer V3 and non-stable V2 pools were not affected.
A Single Rounding Bug Triggered a Multi-Chain Meltdown
According to Balancer’s preliminary analysis, the exploit stemmed from a rounding miscalculation inside the upscale function used for batch swaps, a feature allowing multiple token swaps in a single transaction.
The issue occurred specifically in EXACT_OUT swap calculations:
- Non-integer scaling factors
- Rounding in the wrong direction
- Incorrect balance adjustments
- Attackers able to repeatedly drain value with precision
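
The rounding-direction problem listed above, as an added Python example that is not Balancer's code and not part of the original article: a constructed EXACT_OUT swap model that checks, for each rounding direction, whether the pool ever receives less value than it pays out. The 1:1 price, the 1.05 scaling factor and all function names are assumptions.

```python
# Added example: constructed model, not Balancer's code. The 1:1 price,
# the 1.05 scaling factor and every name here are assumptions.
ONE = 10**18  # 18-decimal fixed point


def mul_down(a: int, b: int) -> int:
    return a * b // ONE


def mul_up(a: int, b: int) -> int:
    return -((-a * b) // ONE)  # ceiling division on integers


def div_up(a: int, b: int) -> int:
    return -((-a * ONE) // b)


def exact_out_amount_in(amount_out, scale_out, scale_in, round_up):
    """Raw tokenIn the pool charges for a fixed raw amount of tokenOut."""
    upscale = mul_up if round_up else mul_down
    scaled_out = upscale(amount_out, scale_out)  # the step under test
    scaled_in = scaled_out                       # assumed 1:1 price
    return div_up(scaled_in, scale_in)           # the charge is rounded up


def pool_shortfall(amount_out, scale_out, scale_in, round_up):
    """Value paid out minus value received, in 1e-18 scaled units.

    A positive result means the pool gave away more than it was paid.
    """
    amount_in = exact_out_amount_in(amount_out, scale_out, scale_in, round_up)
    return amount_out * scale_out - amount_in * scale_in


def violations(scale_out, scale_in, round_up, max_amount=40):
    """Amounts in 1..max_amount for which the pool is short-changed."""
    return [a for a in range(1, max_amount + 1)
            if pool_shortfall(a, scale_out, scale_in, round_up) > 0]


if __name__ == "__main__":
    rate = 105 * ONE // 100  # constructed non-integer scaling factor
    print("round down:", len(violations(rate, ONE, False)), "of 40 lose value")
    print("round up:  ", len(violations(rate, ONE, True)), "of 40 lose value")
    print("integer factor, round down:", len(violations(2 * ONE, ONE, False)))
```

In this model the invariant "value in is at least value out" holds for every amount only when the requested output is upscaled with rounding up, and an integer scaling factor never triggers the shortfall in either direction.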
The flaw only impacted V2 CSPs and their derivatives, including BEX and Beets.
Pools with expired pause windows were hit the hardest, while newer CSPv6 pools were automatically paused by Hypernative’s emergency protections within minutes.
Security firm PeckShield estimated losses surpassing $128 million, though Balancer is still verifying the final tally. Stolen assets — including ETH, osETH, and wstETH — were bridged across chains and funneled through Tornado Cash.
DeFi Ecosystem Mobilizes: Hard Forks, Freezes, and Whitehat Recoveries
Balancer’s emergency “war room” was activated immediately, coordinating with:
- Hypernative
- Whitehat responders
- Chain foundations
- Security partners
Thanks to Balancer’s Safe Harbor framework (BIP-726), whitehats legally intervened to rescue funds.
Confirmed early recoveries:
- $19M osETH returned via StakeWise DAO
- $1.7M osGNO recovered
- $750,000 secured by whitehat groups including BitFinding and Base MEV bots
Chain-level and protocol-level interventions included:
- Berachain executed an emergency hard fork to trap stolen funds
- Sonic Labs froze attacker wallets
- Gnosis & Monerium halted €1.3M in EURe stablecoins to block cross-chain laundering
Balancer has now:
- Disabled the CSPv6 factory to prevent new pool deployments
- Stopped liquidity gauge emissions for affected pools
- Enabled recovery-mode withdrawals, allowing LPs to reclaim underlying tokens proportionally
Balancer stressed that V3 pools and non-stable V2 pools remain fully safe and operational.
A Familiar Bug Returns — Despite 10+ Audits
The attack has shocked DeFi observers given Balancer’s reputation for rigorous security. The protocol has undergone more than ten audits by leading firms such as:
- OpenZeppelin
- Trail of Bits
- Certora
However, this latest breach echoes a strikingly similar rounding-related flaw discovered in 2023, raising questions about long-term code patterns and legacy design risks.
Balancer’s previous incidents include:
- $520,000 exploit (2020)
- $2.1M rounding bug exploit (2023)
- DNS hijacking attack (2023)
TVL Collapses Over 50% as Market Reacts
Balancer’s Total Value Locked (TVL) plummeted following the breach:
| Date | TVL |
|---|---|
| Nov 2 | $442M |
| Nov 3 | $214M |
| Current | $182M |
A major whale wallet also withdrew $6.5 million shortly after the exploit, fueling further outflows.
The event has sent shockwaves throughout the DeFi sector, renewing concerns about:
- Legacy AMM design risks
- Audit fatigue
- Composability-based attack vectors
CryptoTimes Outlook
The Balancer exploit highlights a troubling reality: even long-established DeFi protocols with deep audit histories can harbor hidden systemic risks. As rounding errors and precision faults become more common attack vectors, security researchers warn that other legacy AMM designs may face similar vulnerabilities.
The coming weeks will reveal:
- How much of the stolen funds can be recovered
- Whether Balancer can restore market confidence
- How regulators and developers respond to another high-profile, multi-chain exploit









