The Balancer Hack: $120M+ Lost to Arithmetic Precision Flaw
On November 3, 2025, Balancer suffered a devastating $120M+ exploit spanning multiple chains. Discover how subtle rounding mistakes in Composable Stable Pools allowed for economic invariant manipulation and what DeFi protocols must learn.
The Balancer Hack: $120M+ Drained by Subtle Arithmetic Flaw
On November 3, 2025, an attacker drained over $120 million from Balancer's v2 pools using a highly sophisticated economic exploit. The root driver? A seemingly minor but critical rounding direction bug buried deep in the protocol's scaling math, which allowed precise manipulation of pool invariants and bypassed traditional alarms and security checks. The Balancer incident stands as one of DeFi's most devastating losses—and sharpest lessons on why security must evolve with adversarial economics, not just code audits.
Attack Overview
Date: November 3, 2025
Loss Amount: $120–$128 million (est.)
Vulnerability: Rounding error in Composable Stable Pool math enabling invariant manipulation
Target: Balancer v2 Composable Stable Pools (multiple chains & forks impacted)
Attacker Method: Atomic batchSwap with engineered state transitions
The Vulnerability: Arithmetic Rounding Error
The bug was rooted in how token scaling math was applied in the pools. Upscaling used mulDown, while downscaling used divUp or divDown. This mismatch let an attacker run "EXACT_OUT" swaps that understated the required amount each time, stealthily degrading the pool invariant "D" and inflating the attacker's redemption power for pool tokens (BPT)—all within a single atomic transaction. The result: extraction of excess value while evading pool safeguard checks and alerting systems.
Attack Execution Flow
┌─────────────────────────────────────────────────────────┐
│ BALANCER EXPLOIT EXECUTION FLOW │
└─────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────┐
│ ATTACKER SIMULATES POOL MATH │
│ • Collects pool state, amp, scales │
│ • Simulates swap sequences for rounding │
└──────────────┬───────────────────────────┘
│
▼
┌──────────────────────────────────────────┐
│ STEP 1: BATCHSWAP – ATOMIC EXECUTION │
│ • Crafts batch of swaps on boundary │
│ • Uses EXACT_OUT hops to exploit rounding│
└──────────────┬───────────────────────────┘
│
▼
┌──────────────────────────────────────────┐
│ STEP 2: INVARIANT ("D") STEALTHILY SHRINKS│
│ • Pool invariant gradually deflated │
│ • System detects no abnormal events │
└──────────────┬───────────────────────────┘
│
▼
┌──────────────────────────────────────────┐
│ STEP 3: REDEEM BPT FOR FULL-VALUE TOKENS │
│ • Convert depressed BPT back to assets │
│ • Lock in artificially favourable exchange│
└──────────────┬───────────────────────────┘
│
▼
┌──────────────────────────────────────────┐
│ STEP 4: MOVE FUNDS ACROSS + LAUNDERING │
│ • Swap across chains, mixers, brokers │
│ • Use EOA and Tornado Cash │
└──────────────────────────────────────────┘
Root Cause Analysis
Algorithmic Precision Gaps: The directionality of scaling math led to invisible depletion of pool invariants, with no explicit "logic bug" in the contract code itself. This demonstrates how subtle flaws in economic calculations can become critical even when core access controls are sound.
BatchSwap Composability: Balancer relies on centralized contracts for pool operations, facilitating easy pool deployment but also allowing tiny flaws to cascade across all v2 contracts and even third-party integrations. The attacker executed micro manipulations within a single block, multiplying the effect.
Insufficient Audit Scope: Despite audits from OpenZeppelin, Trail of Bits, Certora and ABKD, the exploited code path (ComposableStablePool and Linear pools) was out of scope or modified post-audit—reminding DeFi teams that ongoing adversarial fuzzing and precision analysis are necessary long-term.
Attack Timeline
| Time | Event | Details |
|---|---|---|
| Pre-Attack | Preparation/Simulation | Extensive off-chain math testing, pool mapping |
| Nov 3, 2025 | Exploit Execution | Atomic batchSwap exploits across chains; pools drained |
| Immediate | Emergency Mitigations | CSPv6 pause, factory/gauge shutdown, cross-partner freezes |
| Recovery | Funds Tracing | Chain analytics and real-time monitoring; partial asset recovery |
Protocol Response
Immediate Pauses: Balancer team enacted emergency protocol shutdowns, disabling Composable Pools and key deployment factories. Partner projects froze liquidity and gauges to contain contagion.
Whitehat Bounty & Forensics: A rapid bounty program offered 20% for responsible recovery; forensic coordination with analytics firms tracked fund movements, with $19M recovered within days.
User Communication: Balancer published quick post-mortems and notified the ecosystem, but competing coverage revealed that audit gaps and slow contract upgrades contributed to the exploit’s depth.
Security Lessons for DeFi
Economic Adversarial Testing: DeFi protocols must treat math as a security boundary—adversarial testing for precision errors, rounding cliffs, and manipulation vectors is now as essential as permissions and function access.
Continuous Audit & Scope Expansion: Even legacy code and minor patches demand regular, post-deployment reviews—especially batch composable and centralized core contracts.
Transparent Mitigation and Communication: Protocol teams need clear crisis routines, public disclosure, and fast user notification to sustain trust after a breach.
Mitigation Architecture: Circuit breakers, runtime invariant monitoring, and auto-pausing powers help limit damage in atomic multi-hop scenarios.
Improved Security Implementation
// Securing DeFi economic math
function adversarialSwapInvariantCheck(balanceBefore, balanceAfter, threshold) internal pure {
require(abs(balanceBefore - balanceAfter) < threshold, "Economic deviation detected");
// Additional logic: restrict batch composability, monitor for rounding cliffs.
}
Current Status and Future Implications
Balancer’s TVL halved overnight, many protocols lost integration liquidity, and several forks (Beethoven X, Beets) sustained additional losses. While partial funds were recovered, the remaining assets remain in attacker networks, and Balancer must vastly improve math safety and code audit rigor going forward.
This incident is a wake-up call for all DeFi teams: long-tail, deep precision vulnerabilities are no longer theoretical. Full-system adversarial validation is now essential for every protocol hoping to safeguard the next generation of decentralized finance.
Summing Up
The Balancer hack is proof that security is about adversarial economics as much as code logic. DeFi teams must look beyond audits—testing, live runtime monitoring, and a culture of economic robustness are critical. Rounding errors and composability are no longer benign—they are first lines of defense and attack. Don't just secure your code: secure your mathematics, your protocol architectures, and your real-time user trust.
.png&w=3840&q=75)
