Inside the Balancer Exploit: A Comprehensive Forensic Review

Summary

On November 3, 2025, Balancer V2’s Composable Stable Pools were exploited via a precision/rounding flaw in pool math, enabling abnormal withdrawals and rapid multi-chain drains. Estimated losses total ~$129M across multiple EVM and Layer-1 networks.

Balancer is a multi-chain automated market maker and one of the leading DEXs in crypto. Shortly after the incident, the team acknowledged the exploit, clarified that it impacted V2 Composable Stable Pools only (not V3), and began a coordinated response and guidance on X. According to Balancer’s initial communications, Hypernative’s monitoring system was among the first to flag the exploit.

Source: Balancer

While the broader ecosystem was in distress, some networks, such as Berachain and Sonic, took temporary measures to throttle or freeze the exploiter’s activity to aid recovery. Security researchers and data platforms, including Blockscope, PeckShield, Cyvers, and Nansen, flagged large outflows and sized early losses; major outlets (e.g., Bloomberg, Decrypt) amplified the scope within hours.

Source: Blockscope

Interestingly, Balancer reports undergoing extensive security review of its V2 contracts, and its website lists audits by firms such as OpenZeppelin, Trail of Bits, Certora, and ABDK. Separately, monitoring company Webacy publicly claimed that its systems had identified the underlying issue prior to the incident, an after-the-fact claim that was met with skepticism by parts of the crypto community.

Source: Webacy

Decoding the Exploit

The exploit in Balancer V2’s Composable Stable Pools originated from a rounding-direction flaw in the pool’s math logic, specifically during EXACT_OUT swaps. This subtle bug caused the protocol to round down user inputs instead of rounding up, meaning the pool consistently under-charged traders for withdrawals. Over thousands of rapid swaps, this small precision bias compounded into a large financial drain.

Using the Contract Usage tool, we visualized the volume of events and transfers occurring across various pool and vault contracts. This graph shows the total events chart for one of the affected pools on Arbitrum.

In Balancer’s Composable Stable Pools, the system maintains a mathematical invariant (denoted D; think of the invariant as the total weight or product of the pool) that ensures fair pricing between all tokens in the pool. These pools can also trade their own pool token (BPT) as if it were a regular asset alongside the underlying tokens. Because Ethereum’s EVM only supports integers, Balancer “scales” token values to a common 18-decimal format before calculations, which introduces rounding at each step.

Normally, such rounding is negligible. However, in this case:

  1. The attacker selected a pool containing three tokens: Token A, Token B, and the POOL token (BPT) itself.

  2. They swapped large amounts of the POOL token for A and B, leaving A and B balances extremely small, while the POOL balance became huge.

  3. Next, they performed EXACT_OUT swaps in the opposite direction (A and B → POOL). When calculating how much A or B to send, the pool’s math (in the BPT swap path) first upscaled balances and amounts with round-down semantics, which became significant at dust-level balances. (BPT is intentionally excluded from the invariant; that part is by design.)

  4. As a result, the contract computed a much smaller “amountIn” than it should have, allowing the attacker to withdraw a large amount of POOL tokens while paying very little in return.

By chaining these steps in batchSwap operations, the attacker could artificially deflate the pool invariant (D), lowering the BPT price and extracting value repeatedly within a single transaction. Over multiple iterations, these precision losses accumulated into a massive drain across multiple chains.

Critical upscaling step in the function _swapWithBpt that enabled the EXACT_OUT under-charge
AI Investigator clarifies the swap sequence, highlighting the exploit txs' core mechanics

In plain terms, the pool thought it was charging enough for each swap, but due to rounding errors and the exclusion of the POOL token from its calculations, it was actually selling its assets too cheaply. The attacker exploited this mispricing loop again and again until the pool’s reserves were drained.
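The effect of rounding direction in the upscaling step can be checked with a small model. This is an added example, not Balancer's code and not part of the original report: the 1.15 scaling factor and the sample amounts are constructed assumptions, and `favors_pool` is a hypothetical name for the property an EXACT_OUT path should satisfy.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed-point unit

def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply, rounding down."""
    return (a * b) // ONE

def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply, rounding up."""
    product = a * b
    return 0 if product == 0 else (product - 1) // ONE + 1

def undercount_ppm(amount: int, factor: int) -> int:
    """Shortfall of round-down upscaling versus the exact value, in ppm."""
    exact = Fraction(amount * factor, ONE)
    if exact == 0:
        return 0
    return int((exact - mul_down(amount, factor)) / exact * 1_000_000)

def favors_pool(amount_out: int, factor: int, upscale) -> bool:
    """EXACT_OUT property: the upscaled amountOut is never below the exact
    value, so amountIn is never priced on less than the pool pays out."""
    return upscale(amount_out, factor) >= Fraction(amount_out * factor, ONE)

def violations(factor: int, amounts, upscale) -> list:
    """Amounts for which the chosen rounding direction breaks the property."""
    return [a for a in amounts if not favors_pool(a, factor, upscale)]

# Constructed inputs: a hypothetical scaling factor of 1.15 and raw amounts
# from dust level up to one whole 18-decimal token.
FACTOR = 1_150_000_000_000_000_000
AMOUNTS = [8, 17, 1_000, 10**18 + 7]

if __name__ == "__main__":
    for a in AMOUNTS:
        print(a, mul_down(a, FACTOR), mul_up(a, FACTOR), undercount_ppm(a, FACTOR))
    print("round-down violations:", violations(FACTOR, AMOUNTS, mul_down))
    print("round-up violations:  ", violations(FACTOR, AMOUNTS, mul_up))
```

Round-down breaks the property at every amount that does not scale exactly, but the shortfall is a fraction of a ppm at whole-token size and several percent at dust level, which is why the bias only mattered once balances had been pushed extremely low.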

Using Blockscope’s AI Investigator, we can view the exploit transaction in a simplified way. Below, AI Investigator details the token movements in this complex exploit, showing the Vault transferring out assets such as wETH, osETH, wstETH, and BPT to a fresh address, exactly matching the expected under-charge pattern. Similar traces appeared on other affected networks, confirming a systematic, multi-chain execution.

AI Investigator summary of token inflows and outflows between the Balancer Vault and the exploiter involving multiple transfers

On-Chain Activity

The exploiter executed near-simultaneous, multi-chain setup and drains across Ethereum, L2s, and other major networks. Unlike multisig takeovers, this incident hinged on the EXACT_OUT rounding bug in Balancer V2 Composable Stable Pools. The exploiter's wallets were pre-funded, approvals primed, and identical swap loops launched on each network within minutes of one another.

Tracer 1 shows the exploit initiation on Ethereum: funds move from Tornado Cash to a staging EOA, which immediately fans out a gas-sized top-up to a fresh intermediary, which eventually bridges to target networks and seeds per-chain executor wallets. The tight, synchronized timing indicates a coordinated multi-chain playbook rather than opportunistic movement.

Tracer 1

Once the exploit begins, the attacker drains the Balancer pools, which emit multi-asset outflows to exploiter addresses via the Vault. Proceeds are locally consolidated before the next loop. The same pattern (approve → EXACT_OUT loops → Vault outflows → local consolidation) appears on other networks covered in this report. Tracer 2 illustrates this on the Arbitrum network.

Tracer 2

With per-chain extractions complete, the majority of proceeds are bridged back to Ethereum for deeper liquidity and broader off-ramps. Tracer 3 shows converging flows of ETH from major L2s and from networks like Sonic and Berachain to Ethereum mainnet.

Tracer 3

Breakdown & Timeline

November 2, 2025 at 05:35 UTC

The exploit initiates on Ethereum, when primary exploiter 0x86fedad11c4765700934639f1efe1fc01355c982 receives funds from Tornado Cash.

Tx. hash: 0xca2556343293eebe2d3d2a81a1dd94e1457c0c07340270ff8768f507193fff21

Exploiter getting initial funds from Tornado Cash

Moments later, they seed an intermediary 0x766a892f8ba102556c8537d02fca0ff4cacfc492 with ~$15k worth of ETH to stage gas and initial liquidity.

November 2, 2025 at 06:28 UTC

Exploiter 0x766…c492 begins bridging to Arbitrum and Gnosis, kicking off a multi-network funding pattern. Using Gas.Zip and relay services, additional destinations & intermediaries were pre-funded to enable near-simultaneous execution across chains.

Transactions showing 0x766…c492 bridging funds

November 3, 2025 at 07:50 UTC

To illustrate this multi-network and complex exploit, we will focus on Arbitrum, where approximately $6.3 million in losses were recorded in total.

The main exploits started on November 3 with Exploiter 0x506d1f9efe24f0d47853adca907eb8d89ae03207 deploying a contract to run the exploit. It then executes the EXACT_OUT rounding-bias sequence against Balancer’s Composable Stable Pools, causing the Balancer Vault to undercharge and emit multi-asset outflows (notably wETH, liquid-staking tokens, and affected BPTs).

Proceeds consolidate to a specified address, here 0x872757006b6f2fd65244c0a2a5fdd1f70a7780f4. One of the transactions: 0x4e5be713d986bcf4afb2ba7362525622acf9c95310bd77cd5911e7ef12d871a9

Token transfers involved in the transaction.

On November 9, address 0x8727… executed a series of swaps, consolidating profits into approximately 1,830.46 ETH (~$6.23M). These funds were subsequently transferred to 0x506d… and bridged back to Ethereum via Stargate, distributed across multiple transactions.

Funds getting bridged from Arbitrum to Ethereum

The same exploit pattern repeats across Base, Optimism, Polygon, Sonic, Berachain, Gnosis, and others. Proceeds are progressively bridged to Ethereum mainnet using several bridges. ~$90M currently resides on Ethereum, with smaller residuals & frozen funds scattered across L2s/other networks.

Post-Incident Developments

  1. Balancer’s response: Using Blockscope’s Transaction Decoder, we inspected all on-chain calls and events related to the exploit. Balancer subsequently reached out to the exploiter addresses, offering a white-hat bounty for the return of funds.

  2. Berachain white hats: On Berachain, white-hat bots briefly front-ran portions of the attack. Berachain validators then coordinated an emergency halt, enabling the recovery of ~$12.8M, which was later returned to the foundation and followed by the launch of a user claims portal.

White hats profiting from the exploit
Message from Berachain Foundation, clarifying the status of the alleged exploiter's wallets and informing of the funds recovery.
Source: StakeWise
  3. Evasion example: Despite freezes on the Sonic network, one path moved 19.5M stS (~$3M) to 0x0e9c9473D0c504Da72763426719F6f03A15544D5 by granting token permission via permit() and then calling transferFrom(), swapping to WBTC and bridging from Sonic to Ethereum using LayerZero. Since the freeze only affects native tokens, not other ERC20 tokens, the exploiter used permit(), which allows off-chain signatures without requiring gas fees from the frozen address.

LayerZero Explorer showing the transfer made from Sonic to Ethereum
0x0e9c... receiving bridged wBTC
  4. White-hat recovery: Following the Balancer V2 stable-pool incident, a new value-extraction path was identified in V2 meta-stable pools, which helped in securing ~$4.1M into controlled custody for reconciliation and return.
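A monitoring rule for the Sonic permit()/transferFrom() path described above, added here as an example and not taken from the report or from Blockscope's tooling. It assumes ERC-20 logs have already been decoded and joined with the transaction sender; the record layout, addresses and hashes are constructed placeholders.

```python
# Constructed, already-decoded ERC-20 logs in chain order, each joined with the
# sender of its transaction. Addresses and hashes are placeholders.
FROZEN = {"0xFROZEN"}
LOGS = [
    {"tx": "0xaa", "sender": "0xRELAY", "event": "Approval",
     "owner": "0xFROZEN", "spender": "0xRELAY", "value": 19_500_000},
    {"tx": "0xbb", "sender": "0xRELAY", "event": "Transfer",
     "from": "0xFROZEN", "to": "0xRELAY", "value": 19_500_000},
    {"tx": "0xcc", "sender": "0xALICE", "event": "Transfer",
     "from": "0xALICE", "to": "0xBOB", "value": 10},
    {"tx": "0xdd", "sender": "0xBOB", "event": "Transfer",
     "from": "0xBOB", "to": "0xFROZEN", "value": 5},
    {"tx": "0xee", "sender": "0xOTHER", "event": "Transfer",
     "from": "0xFROZEN", "to": "0xOTHER", "value": 1},
]

def find_frozen_bypass(logs, frozen):
    """Flag token movement out of a frozen account in transactions that the
    frozen account did not send itself."""
    frozen = {a.lower() for a in frozen}
    approved = set()  # (owner, spender) pairs from relayed approvals
    alerts = []
    for log in logs:
        sender = log["sender"].lower()
        if log["event"] == "Approval":
            owner, spender = log["owner"].lower(), log["spender"].lower()
            # Allowance set for a frozen owner in someone else's transaction:
            # consistent with a relayed permit() signature.
            if owner in frozen and sender != owner:
                approved.add((owner, spender))
                alerts.append((log["tx"], "relayed-approval"))
        elif log["event"] == "Transfer":
            src = log["from"].lower()
            # Balance leaving a frozen account in a third party's transaction:
            # an allowance-based transferFrom() rather than a direct transfer.
            if src in frozen and sender != src:
                kind = ("permit-then-pull" if (src, sender) in approved
                        else "third-party-transfer")
                alerts.append((log["tx"], kind))
    return alerts

if __name__ == "__main__":
    for alert in find_frozen_bypass(LOGS, FROZEN):
        print(alert)
```

The rule keys on the token logs rather than on transactions originated by the frozen address, since the path described above needed no transaction from that address.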

Monitoring

We’re actively tracking the exploiter cluster across chains; the majority of realized proceeds now sit on Ethereum consolidated in ~7 primary holding addresses, with small residuals on select L2s/sidechains. We’ve deployed a public Blockscope Watchtower for live alerting and transparency: https://www.blockscope.co/community/watchtowers/6914fef9dd7f56f799828f01

Address holding the majority of the funds: nearly $90M

Conclusion

The Balancer V2 exploit underscores how even mature, widely-audited DeFi protocols remain vulnerable to subtle arithmetic and logic flaws when deployed in highly composable environments. What began as a microscopic rounding bias in EXACT_OUT swaps escalated into one of the most extensive coordinated multi-chain exploits to date, draining over $129M across networks.

While Balancer’s prompt coordination with white-hats, partners, and security teams helped contain further damage and recover partial funds, the incident also reignited an important discussion within the DeFi community. Many applauded the transparency and speed of the team’s post-incident actions, yet others voiced concern over the temporary halts and validator interventions on networks like Berachain, questioning whether such emergency measures align with the core ethos of decentralization.

As the community awaits a full post-mortem, sentiment remains mixed, balancing appreciation for swift recovery efforts against growing unease about the trade-off between security and decentralization. This event highlights the urgent need for deeper scrutiny of economic-logic vulnerabilities, stronger precision handling in pool math, and better on-chain monitoring systems like Blockscope’s Forensics Suite to detect anomalies before they evolve into systemic crises.

Written by: Tushar Tiwari, Blockchain Forensics Analyst @ Blockscope


Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

  • The data used in this investigation may contain inaccuracies, omissions, or errors.

  • Information sources may be incomplete or subject to change.

  • New evidence may emerge that could alter the conclusions.

  • Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.
