Balancer Releases Preliminary Report On Its $128M Exploit, Finds Rounding Error In Bulk Exchange Transactions
In Brief
Balancer reports that a security incident involving its V2 Composable Stable Pools was caused by a technical flaw in batch swap design, with most stolen assets recovered and recovery efforts ongoing.
Decentralized finance (DeFi) protocol and automated market maker Balancer announced that it has issued an initial report regarding a recent security incident involving its infrastructure.
According to the statement, at 07:46 UTC on Monday, Hypernative’s monitoring system detected unusual activity suggesting an exploit targeting Balancer V2 Composable Stable Pools. Further investigation confirmed that the issue impacted pools across several networks, including Ethereum, Base, Avalanche, Gnosis, Berachain, Polygon, Sonic, Arbitrum, and Optimism.
The vulnerability was confined to Balancer V2 Composable Stable Pools and their derivatives on related chains such as BEX and Beets, while Balancer V3 and other pool types remained unaffected.
In response, the Balancer team worked with contributors, security partners, and whitehat responders to contain the incident, recover part of the affected assets, and freeze compromised funds.
A coordinated response effort was managed through a dedicated war room to oversee containment, communication, and asset recovery across multiple networks. CSPv6 Pools were switched to Recovery Mode, and mitigation steps were implemented in collaboration with external partners under the SEAL Safe Harbor framework.
Although the final scope of losses is still being assessed, the exploit has been described as large. A detailed post-mortem report will be released following the completion of ongoing technical and legal evaluations.
A Technical Flaw In V2 Batch Swap Design Identified As Root Cause, Majority Of Stolen Assets Recovered
The initial technical analysis identified that the vulnerability originated from the design of the Balancer V2 Vault, which supports both simple and batch swaps. The batch swap function enables multiple operations to occur within a single transaction, improving gas efficiency through deferred settlement, a mechanism that allows temporary use of tokens as long as balances are restored by the end of the process. Within composable stable pools, liquidity provider tokens were treated as standard tokens, effectively bypassing the minimum supply threshold and allowing liquidity levels to fall to unusually low values.
The exploit leveraged an issue in the rounding behavior of the upscale function for EXACT_OUT swaps in composable stable pools. Specifically, the function rounded down when scaling factors were non-integer, creating discrepancies that could be exploited through the batchSwap feature to manipulate balances and extract value. Some affected assets remained temporarily within internal Vault balances before being withdrawn in subsequent transactions.
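The following Python model is an added illustration, not Balancer's code or part of the report. It shows why a round-down upscale only matters when the scaling factor is non-integer, and why the at-most-one-unit truncation becomes a large relative error once amounts are very small, as with the low liquidity levels described above. The helper names, the 18-decimal fixed-point unit and the sample scaling factors are assumptions made for the example.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed-point unit assumed by this model

def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply that truncates the remainder."""
    return (a * b) // ONE

def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply that rounds any remainder up."""
    product = a * b
    return 0 if product == 0 else (product - 1) // ONE + 1

def relative_loss(amount: int, scaling_factor: int) -> Fraction:
    """Fraction of the exact upscaled value that rounding down discards."""
    exact = Fraction(amount * scaling_factor, ONE)
    if exact == 0:
        return Fraction(0)
    return (exact - mul_down(amount, scaling_factor)) / exact

def report(amounts, scaling_factor):
    """Rows of (amount, rounded down, rounded up, relative loss)."""
    return [
        (a, mul_down(a, scaling_factor), mul_up(a, scaling_factor),
         relative_loss(a, scaling_factor))
        for a in amounts
    ]

# Constructed sample values, not taken from any real pool.
RATE_SF = 1_050_000_000_000_000_000  # non-integer factor: 1.05
DECIMALS_SF = 10**12 * ONE           # integer factor: pure decimals adjustment

if __name__ == "__main__":
    for label, sf in (("1.05", RATE_SF), ("10^12", DECIMALS_SF)):
        print(f"scaling factor {label}")
        for amount, down, up, loss in report([17, 10**18 + 17], sf):
            # An amount-out that is rounded down is understated, so whatever
            # is derived from it (the amount owed in) is understated too;
            # rounding up is the direction that cannot understate it.
            print(f"  amount={amount} down={down} up={up} "
                  f"loss={float(loss):.3e}")
```

With the 1.05 factor, an amount of 17 units upscales to 17 when rounded down, so the rate is erased entirely (a loss of 1/21, about 4.8%), while the same one-unit truncation on an amount near 10^18 is negligible.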
The vulnerability primarily affected Composable Stable v5 pools with expired pause windows, while Composable Stable v6 pools were automatically paused through Hypernative’s emergency controls and protected from further impact. Balancer V3 and other V2 pool types were not affected.
Mitigation efforts focused on containment, recovery, and cross-chain verification. Emergency response measures included freezing vulnerable pools, disabling the creation of new ones, halting emissions, and initiating recovery operations in collaboration with partners and whitehat teams under the SEAL Safe Harbor framework. Several entities contributed to fund recovery, including StakeWise, which retrieved over 70% of stolen osETH, and BitFinding, which intercepted approximately $600,000 worth of exploited assets. Additional interventions came from partners such as Sonic Labs, Berachain validators, and Monerium, which implemented network halts or freezes to prevent further losses.
Balancer noted that it continues to coordinate with external auditors, exchanges, and recovery teams to verify fund movements and reconcile affected addresses.
Recovery Efforts Underway For Affected V2 Pools
Unaffected Balancer pools continue to operate securely, as the exploit vector was limited to certain Composable Stable Pool types within Balancer V2. Balancer V3 and all other V2 pool categories remain unaffected and operate as normal. For users in paused Composable Stable v6 pools, Recovery Mode has been activated, allowing proportional withdrawal of underlying assets. Composable Stable v5 pools were impacted and remain under active review, and users are advised to refrain from interacting with these contracts until official confirmation is released.
All verified communications and instructions will be issued solely through Balancer’s official channels. Updates regarding fund recovery, reconciled impact figures, and post-mortem findings will be published once cross-chain and partner verification processes are complete. Recovery and tracing efforts continue in collaboration with security firms, auditors, and whitehat teams under the SEAL and zeroShadow coordination framework, ensuring transparency and compliance throughout the fund restitution process.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.