# Inside the Balancer Exploit: A Comprehensive Forensic Review

<figure><img src="/files/kv3HbiMFocMhsZy43KPo" alt=""><figcaption></figcaption></figure>

## Summary

[On November 3, 2025 Balancer V2’s Composable Stable Pools were exploited](https://x.com/Balancer/status/1985392731200409993?s=20) via a precision/rounding flaw in pool math, enabling abnormal withdrawals and rapid multi-chain drains. Estimated losses total **\~$129M** across multiple EVM and Layer-1 networks.

[**Balancer**](https://balancer.fi/) is a multi-chain automated market maker and one of the leading DEXs in crypto. Shortly after the incident, the team acknowledged the exploit, clarified that it impacted **V2 Composable Stable Pools only** (not V3), and began a coordinated response and guidance on X. According to Balancer’s initial communications, [Hypernative’s monitoring system was among the first to flag the exploit.](https://x.com/Balancer/status/1986104426667401241?s=20)

<figure><img src="/files/rO0ESou2vaXmfuC6nzBn" alt=""><figcaption><p>Source: <a href="https://x.com/Balancer/status/1985390307245244573?s=20">Balancer</a></p></figcaption></figure>

While the broader ecosystem was in distress, some networks, such as [**Berachain** and **Sonic**, took temporary measures](https://www.coindesk.com/markets/2025/11/03/berachain-halts-network-to-contain-balancer-linked-exploit-to-conduct-emergency-hard-fork) to throttle or freeze the exploiter’s activity to aid recovery. Security researchers and data platforms, including [Blockscope](https://x.com/BlockscopeCo/status/1985300581439721811?s=20), PeckShield, Cyvers, and Nansen, flagged large outflows and sized early losses; major outlets (e.g., Bloomberg, Decrypt) amplified the scope within hours.

<figure><img src="/files/WmpukgyYiS69pofqDg9p" alt=""><figcaption><p>Source: <a href="https://x.com/BlockscopeCo/status/1985300581439721811?s=20">Blockscope</a></p></figcaption></figure>

Interestingly, [Balancer reports undergoing extensive security review of its V2 contracts](https://finance.yahoo.com/news/balancer-suffers-128m-smart-contract-142655037.html), and its website lists audits by firms such as OpenZeppelin, Trail of Bits, Certora, and ABDK. Separately, monitoring company [Webacy](https://www.webacy.com/) publicly claimed that its systems had identified the underlying issue prior to the incident, an after-the-fact claim that was met with skepticism by parts of the crypto community.

<figure><img src="/files/XzJBpf6yLapgNfXTIO7y" alt=""><figcaption><p>Source: <a href="https://x.com/mywebacy/status/1986076353356038476?s=20">Webacy</a></p></figcaption></figure>

## Decoding the Exploit

The exploit in Balancer V2’s Composable Stable Pools originated from a **rounding-direction flaw** in the pool’s math logic, specifically during `EXACT_OUT` swaps. This subtle bug caused the protocol to round down user inputs instead of rounding up, meaning the pool consistently under-charged traders for withdrawals. Over thousands of rapid swaps, this small precision bias compounded into a large financial drain.

<figure><img src="/files/VkooGSIoIqykhvCqXkxI" alt=""><figcaption><p>Using the Contract Usage tool, we visualized the volume of events and transfers occurring across various pool and vault contracts. This graph shows the total events for one of the affected pools on Arbitrum.</p></figcaption></figure>

In Balancer’s Composable Stable Pools, the system maintains a mathematical invariant (denoted D; think of the invariant as the total weight or product of the pool) that ensures fair pricing between all tokens in the pool. These pools can also trade their own pool token (BPT) as if it were a regular asset alongside the underlying tokens. Because Ethereum’s EVM only supports integers, Balancer “scales” token values to a common 18-decimal format before calculations, which introduces rounding at each step.

Normally, such rounding is negligible. However, in this case:

1. The attacker selected a pool containing three tokens: Token A, Token B, and the POOL token (BPT) itself.
2. They swapped large amounts of the POOL token for A and B, leaving A and B balances extremely small, while the POOL balance became huge.
3. Next, they performed `EXACT_OUT` swaps in the opposite direction (A and B → POOL). When calculating how much A or B to send, the pool’s math (in the BPT swap path) first upscaled balances and amounts with round-down semantics, which became significant at dust-level balances. (BPT is intentionally excluded from the invariant; that part is by design.)
4. As a result, the contract computed a much smaller “amountIn” than it should have, allowing the attacker to withdraw a large amount of POOL tokens while paying very little in return.

By chaining these steps in batchSwap operations, the attacker could artificially deflate the pool invariant (D), lowering the BPT price and extracting value repeatedly within a single transaction. Over multiple iterations, these precision losses accumulated into a massive drain across multiple chains.

<figure><img src="/files/opSWf7LOuYJRASQgfHDk" alt=""><figcaption><p>Critical upscaling step in the function <code>_swapWithBpt</code> that enabled the <code>EXACT_OUT</code> under-charge</p></figcaption></figure>

<figure><img src="/files/tbBJcEXbjFJVUS2xOpjE" alt=""><figcaption><p>AI Investigator clarifies the swap sequence, highlighting the exploit txs' core mechanics</p></figcaption></figure>

In plain terms, the pool thought it was charging enough for each swap, but due to rounding errors and the exclusion of the POOL token from its calculations, it was actually selling its assets too cheaply. The attacker exploited this mispricing loop again and again until the pool’s reserves were drained.
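The rounding bias described above, as an added example in Python (not Balancer's code and not part of the original report): it compares round-down and round-up upscaling of an `EXACT_OUT` amount against the exact rational charge. The 1.058 scaling factor, the fixed 1:1 price standing in for the stable-invariant math, and all function names are assumptions made for illustration.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed point, the common scale described above

def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply, truncating (rounds toward zero)."""
    return (a * b) // ONE

def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply, rounding any remainder up."""
    product = a * b
    return 0 if product == 0 else (product - 1) // ONE + 1

def charge_exact_out(amount_out: int, scaling_factor: int, price: int, upscale) -> int:
    """amountIn charged for an EXACT_OUT request.

    `price` is a fixed 18-decimal rate standing in for the stable-invariant
    math (assumption); only the upscaling rounding direction varies.
    """
    scaled_out = upscale(amount_out, scaling_factor)
    return mul_up(scaled_out, price)

def undercharge_bps(amount_out: int, scaling_factor: int, price: int, upscale) -> int:
    """Shortfall versus the exact rational charge, in basis points (floored)."""
    exact = Fraction(amount_out * scaling_factor * price, ONE * ONE)
    charged = charge_exact_out(amount_out, scaling_factor, price, upscale)
    if charged >= exact:
        return 0  # rounding favoured the pool, as it should
    return int((exact - charged) * 10_000 // exact)

def sweep(amounts, scaling_factor: int, price: int, upscale):
    """Property-style check: under-charge for each requested amount."""
    return [undercharge_bps(a, scaling_factor, price, upscale) for a in amounts]

# Constructed inputs: a rate-bearing token scaled by 1.058, priced 1:1.
SCALING_FACTOR = 1_058_000_000_000_000_000
AMOUNTS = [8, 17, 10**18 + 7]  # two dust-level requests, one normal-sized

if __name__ == "__main__":
    print("round-down:", sweep(AMOUNTS, SCALING_FACTOR, ONE, mul_down))
    print("round-up:  ", sweep(AMOUNTS, SCALING_FACTOR, ONE, mul_up))
```

At dust-level amounts the truncated fraction is the whole rate premium (548 basis points with these constructed values), while at normal size the same truncation floors to zero basis points; rounding the upscale in the pool's favour removes the shortfall in every case.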

Using Blockscope’s AI Investigator, we can view the exploit transaction in a simplified way. Below, AI Investigator details the token movements in this complex exploit, showing the Vault transferring out assets such as wETH, osETH, wstETH, and BPT to a fresh address, exactly matching the expected under-charge pattern. Similar traces appeared on other affected networks, confirming a systematic, multi-chain execution.

<figure><img src="/files/kOVo5lw8CsfQ16KMvnQr" alt=""><figcaption><p>AI Investigator summary of token inflows and outflows between the Balancer Vault and the exploiter involving multiple transfers</p></figcaption></figure>

## On-Chain Activity

The exploiter executed near-simultaneous, multi-chain setup and drains across Ethereum, L2s, and other major networks. Unlike multisig takeovers, this incident hinged on the `EXACT_OUT` rounding bug in Balancer V2 Composable Stable Pools. The exploiter's wallets were pre-funded, approvals primed, and identical swap loops launched on each network within minutes of one another.

**Tracer 1** shows the exploit initiation on Ethereum: funds move from Tornado Cash to a staging EOA, which immediately sends a gas-sized top-up to a fresh intermediary, which in turn bridges to target networks and seeds per-chain executor wallets. The tight, synchronized timing indicates a coordinated multi-chain playbook rather than opportunistic movement.

<figure><img src="/files/9qftYXHeHJeSL2M4Il0s" alt=""><figcaption><p>Tracer 1</p></figcaption></figure>

Once the exploit begins, the attacker drains the Balancer pools, and the Vault emits multi-asset outflows to exploiter addresses. Proceeds are locally consolidated before the next loop. The same pattern (approve → `EXACT_OUT` loops → Vault outflows → local consolidation) appears on other networks covered in this report. **Tracer 2** illustrates this on the Arbitrum network.

<figure><img src="/files/hKG0DilotXhTUjkCv1GW" alt=""><figcaption><p>Tracer 2</p></figcaption></figure>

With per-chain extractions complete, the majority of proceeds are bridged back to Ethereum for deeper liquidity and broader off-ramps. **Tracer 3** shows converging flows of ETH from major L2s and from networks like Sonic and Berachain to Ethereum mainnet.

<figure><img src="/files/6t8REzbbLJ3amhXXhMuY" alt=""><figcaption><p>Tracer 3</p></figcaption></figure>

## Breakdown & Timeline

### November 2, 2025 at 05:35 UTC

The exploit initiates on Ethereum, when primary exploiter `0x86fedad11c4765700934639f1efe1fc01355c982` receives funds from Tornado Cash.

Tx. hash: `0xca2556343293eebe2d3d2a81a1dd94e1457c0c07340270ff8768f507193fff21`

<figure><img src="/files/ETGcF1FOkwTWPQe8SPZV" alt=""><figcaption><p>Exploiter getting initial funds from Tornado Cash</p></figcaption></figure>

Moments later, they seed an intermediary `0x766a892f8ba102556c8537d02fca0ff4cacfc492` with \~$15k worth of ETH to stage gas and initial liquidity.

<figure><img src="/files/BH8gjeKpazuXEH6qsKEP" alt=""><figcaption></figcaption></figure>

### November 2, 2025 at 06:28 UTC

Exploiter `0x766…c492` begins bridging to Arbitrum and Gnosis, kicking off a multi-network funding pattern. Using Gas.Zip and relay services, additional destinations & intermediaries were pre-funded to enable near-simultaneous execution across chains.

<figure><img src="/files/mDZXy23W2tD9rywDDfgJ" alt=""><figcaption><p>Transactions showing <code>0x766…c492</code> bridging funds</p></figcaption></figure>

### November 3, 2025 at 07:50 UTC

To illustrate this multi-network and complex exploit, we will focus on **Arbitrum**, where approximately **$6.3 million** in losses were recorded in total.

The main exploits started on November 3 with exploiter `0x506d1f9efe24f0d47853adca907eb8d89ae03207` deploying a contract to run the exploit. It then executes the `EXACT_OUT` rounding-bias sequence against Balancer’s Composable Stable Pools, causing the Balancer Vault to undercharge and emit multi-asset outflows (notably wETH, liquid-staking tokens, and affected BPTs).

Proceeds consolidate to a specified address, here `0x872757006b6f2fd65244c0a2a5fdd1f70a7780f4`. One of the transactions: `0x4e5be713d986bcf4afb2ba7362525622acf9c95310bd77cd5911e7ef12d871a9`

<figure><img src="/files/AYmHuw5k3PutYuFXLBen" alt=""><figcaption><p>Token transfers involved in the transaction.</p></figcaption></figure>

On **November 9**, address `0x8727…` executed a series of swaps, consolidating profits into approximately 1,830.46 ETH (\~$6.23M). These funds were subsequently transferred to `0x506d…` and bridged back to Ethereum via Stargate, distributed across multiple transactions.

<figure><img src="/files/EicFizSxYrGvCW0ZUzOl" alt=""><figcaption><p>Funds getting bridged from Arbitrum to Ethereum</p></figcaption></figure>

The same exploit pattern repeats across Base, Optimism, Polygon, Sonic, Berachain, Gnosis, and others. Proceeds are progressively bridged to Ethereum mainnet using several bridges. \~$90M currently resides on Ethereum, with smaller residuals & frozen funds scattered across L2s/other networks.

## Post-Incident Developments

1. **Balancer’s response:** Using Blockscope’s Transaction Decoder, we inspected all on-chain calls and events related to the exploit. Balancer subsequently reached out to the exploiter addresses, offering a white-hat bounty for the return of funds.

<figure><img src="/files/UQKgAjpoUp46Xp6ekRL6" alt=""><figcaption></figcaption></figure>

2. **Berachain white hats:** On Berachain, white-hat bots briefly front-ran portions of the attack. [Berachain validators then coordinated an emergency halt](https://www.coindesk.com/markets/2025/11/03/berachain-halts-network-to-contain-balancer-linked-exploit-to-conduct-emergency-hard-fork), enabling the recovery of \~$12.8M, which was later returned to the foundation and followed by the launch of a user claims portal.

<figure><img src="/files/AU8eDjCnhR0OjRNcU8cK" alt=""><figcaption><p>White hats profiting from the exploit</p></figcaption></figure>

<figure><img src="/files/HZxFi9eu3aJEfIWIpRL1" alt=""><figcaption><p>Message from Berachain Foundation, clarifying the status of the alleged exploiter's wallets, and informing funds recovery.</p></figcaption></figure>

3. **StakeWise recoveries:** [StakeWise recovered approximately 5,041 osETH (\~$19M) and 13,495 osGNO (up to \~$2M) via targeted contract actions.](https://x.com/stakewise_io/status/1985462161670336944?s=20)

<figure><img src="/files/sHup1DGCXkPklb8Sp4IQ" alt=""><figcaption><p>Source:<a href="https://x.com/stakewise_io/status/1985462161670336944?s=20"> StakeWise</a></p></figcaption></figure>

4. **Evasion example:** Despite freezes on the Sonic network, one path moved 19.5M stS (\~$3M) to `0x0e9c9473D0c504Da72763426719F6f03A15544D5` by granting token permission via `permit()` and then calling `transferFrom()`, swapping to WBTC and bridging from Sonic to Ethereum using LayerZero. Since the freeze only affects native tokens, not other ERC20 tokens, the exploiter used `permit()`, which allows off-chain signatures without requiring gas fees from the frozen address.

<figure><img src="/files/fMP88yCZdUQ5fW10vxre" alt=""><figcaption><p>LayerZero Explorer showing transfer made from Sonic to Ethereum</p></figcaption></figure>

<figure><img src="/files/pazEYXQbCnot1aRh8QCY" alt=""><figcaption><p><code>0x0e9c...</code> receiving bridged wBTC</p></figcaption></figure>

5. **White-hat recovery:** Following the Balancer V2 stable-pool incident, [a new value-extraction path was identified in V2 meta-stable pools, which helped in securing \~$4.1M](https://x.com/Balancer/status/1988685056982835470?s=20) into controlled custody for reconciliation and return.

## Monitoring

We’re actively tracking the exploiter cluster across chains; the majority of realized proceeds now sit on Ethereum consolidated in \~7 primary holding addresses, with small residuals on select L2s/sidechains. We’ve deployed a public Blockscope Watchtower for live alerting and transparency: <https://www.blockscope.co/community/watchtowers/6914fef9dd7f56f799828f01>

<figure><img src="/files/h0SuiAf7DgF4dGO6TW6Y" alt=""><figcaption><p>Address holding the majority of the funds, nearly $90M</p></figcaption></figure>

## Conclusion

The Balancer V2 exploit underscores how even mature, widely-audited DeFi protocols remain vulnerable to subtle arithmetic and logic flaws when deployed in highly composable environments. What began as a microscopic rounding bias in `EXACT_OUT` swaps escalated into one of the most extensive coordinated multi-chain exploits to date, draining over **$129M** across networks.

While Balancer’s prompt coordination with white-hats, partners, and security teams helped contain further damage and recover partial funds, the incident also reignited an important discussion within the DeFi community. Many applauded the transparency and speed of the team’s post-incident actions, yet others voiced concern over the temporary halts and validator interventions on networks like Berachain, questioning whether such emergency measures align with the core ethos of decentralization.

As the community awaits a full post-mortem, sentiment remains mixed, balancing appreciation for swift recovery efforts against growing unease about the trade-off between security and decentralization. This event highlights the urgent need for deeper scrutiny of economic-logic vulnerabilities, stronger precision handling in pool math, and better on-chain monitoring systems like Blockscope’s Forensics Suite to detect anomalies before they evolve into systemic crises.

**Written by**: [Tushar Tiwari](https://in.linkedin.com/in/tushar-tiwari-1380271b7), Blockchain Forensics Analyst @ Blockscope

For more information, please reach out to us at **<hello@blockscope.tech>**

<figure><img src="/files/aeu7GIwSYKRQCgpA01DE" alt=""><figcaption></figcaption></figure>

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

* The data used in this investigation may contain inaccuracies, omissions, or errors.
* Information sources may be incomplete or subject to change.
* New evidence may emerge that could alter the conclusions.
* Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.

