Balancer Identifies Root Cause of $116 Million Exploit: Rounding Bug in Core Function Enabled Multi-Chain Drain
On November 3, 2025, at 07:46 UTC, monitoring systems operated by Hypernative detected the first signs of suspicious activity targeting Balancer V2's Composable Stable Pools. What began as isolated alerts quickly escalated into a coordinated exploit affecting multiple blockchain networks, ultimately resulting in losses exceeding $116 million.
The breach impacted Composable Stable Pools across Ethereum, Base, Avalanche, Gnosis, Berachain, Polygon, Sonic, Arbitrum, and Optimism, as well as Balancer forks including BEX and Beets operating on other chains. Critically, Balancer V3 and all other pool types within the V2 architecture remained unaffected, containing the damage to a specific category of pools.
Technical Root Cause: A Rounding Error with Cascading Consequences
According to Balancer's preliminary incident report, the vulnerability originated from an incorrect rounding direction in the protocol's "upscale" function, specifically affecting EXACT_OUT swaps in Composable Stable Pools. This function is responsible for scaling token values during swap operations, and under certain conditions involving non-integer scaling factors—which occur when token rates are incorporated—the function rounds down rather than up.
While seemingly minor, this rounding behavior became exploitable when combined with Balancer V2's batch swap functionality. The Vault architecture supports two types of swaps: simple and batch. Batch swaps enable multiple operations to be bundled into a single transaction, avoiding intermediate token transfers and delivering significant gas savings through a feature called "deferred settlement."
This deferred settlement mechanism effectively allows callers to "flash loan" tokens to perform swaps, provided all debts are settled by the transaction's end. In Composable Stable Pools specifically, the liquidity provider receipt tokens (BPT) are treated as regular tokens, which enables bypassing the minimum pool supply limit and allows liquidity levels to reach extremely low values.
Attackers exploited this combination of flawed rounding logic and batch swap mechanics to manipulate pool balances systematically. In many cases, the stolen funds remained within the Vault as internal balances before being withdrawn in subsequent transactions, allowing attackers to move assets quietly through multiple steps before final extraction.
Scale of Losses
The total confirmed theft reached $116.6 million, distributed across multiple assets and blockchain networks. The largest losses included:
- 6,587 WETH (Wrapped Ethereum)
- 6,851 osETH (StakeWise's liquid staking token)
- 4,260 wstETH (wrapped staked Ethereum)
Losses spanned Ethereum mainnet, Arbitrum, Base, and Polygon, with additional impacts on smaller networks. The exploit primarily affected Composable Stable v5 pools with expired pause windows, while Composable Stable v6 pools—which retained emergency pause functionality—were protected through rapid automated response.
Rapid Emergency Response
Within minutes of initial detection, a coordinated response effort began involving Balancer contributors, security partners, and whitehat responders. By 08:06 UTC—just 20 minutes after first detection—emergency controls triggered for Composable Stable v6 pools. One minute later, at 08:07 UTC, all CSPv6 pools across affected networks were paused through Hypernative's automated systems, limiting further exposure.
A war room was established to coordinate containment, communications, and recovery across all affected networks. The response involved multiple simultaneous actions:
Pool-Level Mitigations: All pausable CSPv6 pools were transitioned into Recovery Mode, enabling users to withdraw their liquidity proportionally. The CSPv6 factory was disabled to prevent creation of new vulnerable pools. Gauges—which distribute BAL token rewards to liquidity providers—were killed for affected pools to conserve protocol and partner incentives.
Major Liquidity Provider Exits: The pause enabled large institutional liquidity providers to safely withdraw assets. Crypto.com successfully withdrew $800,000 from a cdcETH/wstETH pool, while Ether.fi extracted $1.061 million from an eBTC/wBTC pool.
Asset Freezes and Controls: Partners across the ecosystem implemented emergency measures. Monerium froze approximately 1.3 million EURe (Euro-backed stablecoin) held in the Vault. Gnosis Chain, in coordination with Monerium, applied temporary controls restricting outbound bridge activity to reduce cross-chain propagation risk.
Network-Level Actions: Some blockchain networks took extraordinary measures. Berachain validators coordinated a deliberate network halt to contain Balancer V2-related exposure on BEX, followed by emergency hard-fork preparations. Sonic Labs deployed a safety mechanism to freeze suspected attacker addresses, preventing movement or conversion of funds tied to Beets, a Balancer V2 fork operating on their network.
Recovery Efforts and Whitehat Intervention
The response leveraged Balancer's pre-adoption of the SEAL Safe Harbor framework (approved via BIP-726 in October 2024), which provided a legal structure enabling rapid, coordinated whitehat intervention. Multiple teams and automated systems contributed to asset recovery:
StakeWise Recovery: The StakeWise DAO emergency multisig executed a series of transactions recovering 5,041 osETH (approximately $19 million) and 13,495 osGNO (approximately $1.7-$2 million) from the exploiter. On Ethereum mainnet, this represented 73.5% of the osETH stolen, with funds designated for pro-rata return to affected users based on pre-exploit balances.
Whitehat Bot Activity: A Base MEV bot contributed approximately $150,000 in recovered assets across multiple transactions. The BitFinding team intercepted and clawed back approximately $600,000 worth of assets on Ethereum mainnet, subsequently returning all funds to Balancer DAO.
Ongoing Engagement: SEAL and partner organizations initiated outreach to the attacker(s) under the Safe Harbor framework to pursue voluntary return of funds. Additional security teams, including SNP and others, engaged to assist with triage, rescue operations, and establishing return pathways.
Impact Assessment and User Guidance
Balancer emphasized that the vulnerability was isolated to Composable Stable Pools on V2 architecture. All other pool types—including weighted pools, liquidity bootstrapping pools, and stable pools without the composable feature—remain unaffected and continue operating normally. Balancer V3, the protocol's latest architecture, was not vulnerable to this exploit.
For users in paused Composable Stable v6 pools, Recovery Mode enables proportional withdrawals of underlying assets without risk. However, Composable Stable v5 pools—which were directly impacted and lacked pause functionality—remain under investigation, with Balancer advising users to avoid interacting with these contracts until official clearance.
The protocol maintains a consolidated internal ledger tracking exploiter flows, whitehat rescues, frozen assets, recovered funds, and protocol withdrawals. These entries undergo continuous verification through multi-party validation involving on-chain trace review, partner confirmations, and block-by-block balance reconciliation.
Broader Implications for DeFi Security
The Balancer exploit represents one of the largest security incidents in decentralized finance in 2025, highlighting both the vulnerabilities inherent in complex smart contract systems and the maturation of coordinated response mechanisms within the crypto ecosystem.
The Evolution of Smart Contract Vulnerabilities: The rounding bug that enabled this exploit demonstrates how subtle mathematical errors in smart contract code can have catastrophic consequences when combined with other protocol features. Unlike traditional software vulnerabilities that might affect individual users or sessions, smart contract bugs can drain entire pools of liquidity in minutes, with losses potentially irreversible due to blockchain immutability.
The specific combination of factors—the upscale function's rounding direction, non-integer scaling factors, batch swap functionality, and BPT token treatment—created an attack vector that likely evaded detection during standard auditing processes. This underscores the challenge auditors face when evaluating protocols with multiple interacting components, where the danger lies not in individual functions but in their complex interactions.
Automated Monitoring as First Line of Defense: Hypernative's detection of the exploit within minutes of its commencement proved crucial in limiting losses. The 20-minute window between initial detection (07:46 UTC) and automated pause implementation (08:06 UTC) represents a significant improvement over previous DeFi incidents, where hours or even days might pass before exploits were identified and contained.
This incident validates the growing investment in real-time blockchain monitoring systems that can detect anomalous patterns in transaction flows, pool balances, and protocol interactions. As DeFi protocols handle increasingly large amounts of value, such automated detection and response systems are becoming essential infrastructure rather than optional enhancements.
The Value of Pause Mechanisms: The stark difference in outcomes between Composable Stable v5 and v6 pools illustrates the importance of emergency pause functionality in DeFi protocols. V6 pools, which retained pause windows, were automatically protected, while v5 pools with expired pause windows bore the brunt of losses.
This creates a tension in protocol design between decentralization—which typically favors removing administrative controls over time—and security, which benefits from retained emergency intervention capabilities. The incident may prompt protocols to reconsider the automatic expiration of pause windows or to implement alternative emergency response mechanisms that balance decentralization with protection.
Cross-Protocol Coordination: The response involved unprecedented coordination across multiple blockchain ecosystems, protocols, and service providers. Network validators halting operations, stablecoin issuers freezing assets, bridge operators restricting transfers, and multiple whitehat teams working in parallel represent a level of ecosystem cooperation that would have been difficult to achieve in earlier years of DeFi development.
This coordination was facilitated by pre-established frameworks like SEAL Safe Harbor, which provided legal clarity for whitehat intervention. Without such frameworks, potential rescuers might hesitate to intercept funds due to legal uncertainty, even when acting to return stolen assets.
Challenges in Asset Recovery
Despite the coordinated response, full recovery of the $116.6 million remains uncertain. StakeWise's recovery of 73.5% of stolen osETH represents a significant success, but other assets have been converted by attackers into more liquid forms like ETH, making recovery more difficult.
The decentralized and pseudonymous nature of blockchain transactions complicates traditional law enforcement approaches. While blockchain transparency allows tracing of stolen funds, the ability to move assets across multiple chains, through decentralized exchanges, and into privacy-enhancing protocols creates significant obstacles to recovery.
Balancer's engagement with attackers through the SEAL framework represents an attempt at negotiated return, offering potential legal protection for voluntary asset return. However, such negotiations have had mixed success in previous DeFi incidents, with some attackers responding to communication while others ignore attempts at contact.
The Path Forward: Migration to V3
Balancer has indicated that its comprehensive post-mortem will include recommendations for migration to Balancer V3, which was not affected by this vulnerability. This suggests the protocol may encourage or facilitate movement of liquidity from V2 to V3 architecture as a long-term solution.
Such migrations present their own challenges. Liquidity providers must be educated about the differences between versions, migration processes must be smooth enough to avoid fragmentation, and protocols must maintain sufficient liquidity in both versions during transition periods. The incident may accelerate V3 adoption, but could also fragment liquidity if some users remain hesitant to move funds.
Audit and Testing Implications: The discovery of this vulnerability post-deployment, despite Balancer being a mature protocol with multiple security audits, raises questions about current audit methodologies. Traditional line-by-line code review may be insufficient for identifying bugs that emerge from complex feature interactions.
This may drive demand for more sophisticated testing approaches, including formal verification (mathematical proofs of code correctness), extended fuzzing campaigns (automated testing with random inputs), and simulation of adversarial scenarios. However, these approaches require significant resources and expertise, potentially increasing the barrier to entry for new protocols.
Regulatory Attention
An incident of this magnitude, involving losses across multiple jurisdictions and affecting both retail and institutional participants, will likely attract regulatory scrutiny. The coordinated network halts on Berachain and asset freezes by centralized service providers like Sonic Labs and Monerium demonstrate that DeFi protocols often retain points of administrative control despite decentralization narratives.
Regulators may view such incidents as evidence that DeFi protocols require similar oversight to traditional financial institutions, potentially accelerating regulatory frameworks for decentralized finance. The industry's ability to respond effectively—including voluntary returns of funds, transparent communication, and coordinated recovery efforts—may influence whether regulatory responses focus on prescriptive requirements or allow for self-regulatory approaches.
Community Response and Trust
The incident has sparked extensive discussion within the DeFi community about protocol security, the adequacy of current auditing practices, and the responsibilities of protocol developers. While some community members have praised the rapid response and recovery efforts, others have questioned how such a fundamental vulnerability persisted in production code.
For Balancer, rebuilding trust will require not only completing the investigation and maximizing asset recovery, but also demonstrating that lessons have been learned and applied. The promised comprehensive post-mortem, transparent communication throughout the process, and clear technical explanations of preventive measures will be crucial for maintaining user confidence.
The broader DeFi ecosystem also faces trust challenges. Each major exploit raises questions among mainstream users and institutional participants about whether DeFi protocols are sufficiently mature and secure for large-scale adoption. The industry's collective response to incidents like this—including cross-protocol support, whitehat coordination, and technical transparency—helps demonstrate the ecosystem's resilience and commitment to security.
Technical Lessons for Protocol Developers
The Balancer incident offers several lessons for smart contract developers:
Rounding Matters: Even small mathematical operations like rounding directions can create exploitable conditions when handling large values or multiple operations. Developers should carefully consider rounding behavior in all calculations, particularly those involving token transfers, price calculations, and balance updates.
Feature Interactions Create Risk: The vulnerability emerged from the interaction between multiple protocol features (upscale function, batch swaps, BPT treatment, deferred settlement). Security analysis must consider not just individual functions but all possible combinations of features and user actions.
Invariant Checking: Protocols should implement comprehensive invariant checks—conditions that should always be true—and test whether these invariants can be violated through any combination of user actions. In this case, an invariant that pool balances cannot be manipulated to disadvantage the protocol might have detected the exploit.
Emergency Response Planning: Having pre-established pause mechanisms, monitoring systems, communication channels, and legal frameworks (like SEAL Safe Harbor) proved crucial in limiting losses. Protocols should implement such safety systems before they're needed.
Graduated Decentralization: The difference in outcomes between pausable and unpausable pools suggests that protocols may benefit from retaining emergency controls longer during initial deployment periods, with decentralization proceeding gradually as confidence in security grows.
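The rounding and invariant-checking lessons above, together with the root-cause description of the upscale step in EXACT_OUT swaps, can be turned into a mechanical check. The following Python model is an added example, not Balancer's code: the fixed-point helpers, the 1:1 placeholder pricing curve and the fuzz ranges are assumptions, chosen so that any shortfall comes from rounding alone. It compares integer rounding against exact rational arithmetic and reports every case where the pool gives out more value than it takes in.

```python
from fractions import Fraction
import random

ONE = 10**18  # 18-decimal fixed-point unit (constructed model, not Balancer's library)

def mul_down(a, b):
    """Fixed-point multiply, truncating the remainder."""
    return (a * b) // ONE

def mul_up(a, b):
    """Fixed-point multiply, rounding any remainder up."""
    return -((-a * b) // ONE)

def div_up(a, b):
    """Fixed-point divide, rounding any remainder up."""
    return -((-a * ONE) // b)

def exact_out_quote(amount_out, s_out, s_in, upscale):
    """Raw amount-in charged for a requested raw amount-out.

    Assumption: a 1:1 curve stands in for the pool's real swap math.
    """
    scaled_out = upscale(amount_out, s_out)  # raw units -> 18-decimal value
    scaled_in = scaled_out                   # placeholder pricing curve
    return div_up(scaled_in, s_in)           # 18-decimal value -> raw units

def pool_shortfall(amount_out, s_out, s_in, upscale):
    """Exact value leaving the pool minus exact value entering it.

    A positive result means the pool lost value on the swap.
    """
    amount_in = exact_out_quote(amount_out, s_out, s_in, upscale)
    paid = Fraction(amount_out * s_out, ONE)
    received = Fraction(amount_in * s_in, ONE)
    return paid - received

def find_violations(upscale, trials=2000, seed=1):
    """Fuzz scaling factors and amounts; return the cases where the pool loses."""
    rng = random.Random(seed)
    bad = []
    for _ in range(trials):
        # A rate in [1.0, 1.2) makes the scaling factor non-integer.
        s_out = ONE + rng.randrange(0, 2 * 10**17)
        s_in = ONE + rng.randrange(0, 2 * 10**17)
        amount_out = rng.randrange(1, 1000)
        loss = pool_shortfall(amount_out, s_out, s_in, upscale)
        if loss > 0:
            bad.append((amount_out, s_out, s_in, loss))
    return bad
```

With an integer scaling factor the two rounding modes agree, so the difference only appears once a rate makes the factor non-integer; the error is below one unit per operation, which is why it matters most when amounts and balances are very small.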
Ongoing Developments
As of this writing, recovery and reconciliation efforts continue across affected networks. Balancer has emphasized that final impact figures remain under verification and that any numbers circulating publicly should not be treated as official until the comprehensive post-mortem is released.
The protocol continues working with security partners, law enforcement agencies where applicable, exchanges (to potentially freeze attacker funds), and whitehat teams to maximize recovery. Asset tracing led by SEAL and zeroShadow under the Safe Harbor framework continues, with the goal of identifying and recovering as many stolen funds as possible.
Users in affected pools are advised to follow official Balancer communication channels for updates on recovery progress, withdrawal procedures for frozen pools, and eventual distribution of recovered assets. The protocol has committed to transparent communication throughout the process, with verified information published only after multi-party validation.
Conclusion
The Balancer V2 exploit represents a significant security incident in the DeFi ecosystem, combining technical sophistication in the attack vector with impressive coordination in the response. The $116.6 million in stolen assets makes it one of the largest DeFi exploits of 2025, yet the rapid detection, automated pause systems, cross-protocol coordination, and whitehat recovery efforts demonstrate how far DeFi security infrastructure has evolved.
The incident highlights both the ongoing challenges in securing complex smart contract systems and the increasing maturity of response mechanisms. As the investigation continues and the comprehensive post-mortem is prepared, the lessons learned will likely influence protocol design, auditing methodologies, and security practices across the broader DeFi ecosystem.
For Balancer, the path forward involves completing asset recovery, publishing detailed technical findings, supporting affected users, and facilitating migration to the more secure V3 architecture. For the DeFi industry more broadly, the incident serves as both a sobering reminder of the risks inherent in permissionless financial systems and an encouraging demonstration of the community's ability to respond effectively when vulnerabilities are exploited.
As decentralized finance continues to grow and attract mainstream adoption, incidents like this will test not only the technical robustness of protocols but also the industry's commitment to transparency, accountability, and continuous improvement in security practices. The ultimate measure of success will be not just recovery of stolen funds, but implementation of systemic improvements that reduce the likelihood and impact of future exploits.