Balancer Reveals Cause of $116M DeFi Exploit in Post-Mortem


Exploit Targeted Stable Pools via Rounding Loophole
Balancer published a preliminary post-mortem report on Wednesday after an exploit drained about $116 million from its decentralized finance protocol. The breach hit Balancer v2 Stable Pools and Composable Stable v5 pools, while other pool types were unaffected, the report said.
The attacker used a mix of BatchSwaps—which bundle multiple actions into a single transaction—along with flashloans and a flaw in the upscale rounding function used in EXACT_OUT swaps. The bug allowed the exploiter to manipulate token pricing calculations and extract liquidity from Balancer’s stable pools.
According to the Balancer team, the rounding function was meant to round down when prices were input, but the attacker found a way to alter these rounding values in specific conditions. Combined with BatchSwaps, this enabled them to move tokens through the Vault in multiple rapid transactions. “In many instances, the exploited funds remained within the Vault as internal balances before being withdrawn in subsequent transactions,” the report said.
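The following is an added illustration, not code from Balancer or from the report: a simplified fixed-point model of an upscale step, with a property check that flags any rounding mode that counts less value than the exact result for an amount leaving a pool. The 18-decimal unit, the 1.058 scaling factor and the sample amounts are constructed assumptions.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed-point unit (assumed for this model)

def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply, discarding the remainder."""
    return (a * b) // ONE

def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply, rounding any remainder up."""
    return -((-a * b) // ONE)

def upscale_down(amount: int, factor: int) -> int:
    return mul_down(amount, factor)

def upscale_up(amount: int, factor: int) -> int:
    return mul_up(amount, factor)

def undercount(upscale_fn, amount: int, factor: int) -> Fraction:
    """Exact scaled value minus the reported one (positive means value went uncounted)."""
    return Fraction(amount * factor, ONE) - upscale_fn(amount, factor)

def audit_exact_out(upscale_fn, factor: int, amounts):
    """Return (amount, relative_error) for every input that upscale_fn under-counts."""
    findings = []
    for amount in amounts:
        gap = undercount(upscale_fn, amount, factor)
        if gap > 0:
            exact = Fraction(amount * factor, ONE)
            findings.append((amount, gap / exact))
    return findings

# Constructed inputs: a hypothetical rate-scaled token (factor 1.058) and sample amounts.
FACTOR = 1_058_000_000_000_000_000
AMOUNTS = [9, 17, 10**6 + 1, 10**18 + 1]

if __name__ == "__main__":
    for name, fn in (("round down", upscale_down), ("round up", upscale_up)):
        print(name)
        for amount, rel in audit_exact_out(fn, FACTOR, AMOUNTS):
            print(f"  amount={amount}: relative under-count {float(rel):.3e}")
```

The absolute loss per operation is always below one unit, but the relative loss grows as the amount shrinks, which is why an invariant test like this should include very small balances as well as typical ones.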
Industry Response and Recovery Efforts
Security analysts believe the hackers prepared the operation for months, funding the attack through small deposits of 0.1 Ether to mask their trail. Blockchain forensics teams described the execution as “methodical,” suggesting the attackers had deep familiarity with Balancer’s codebase and liquidity mechanisms.
Balancer said it has been working with cybersecurity partners and other DeFi protocols to recover or freeze stolen funds. Around 5,041 StakeWise Staked ETH (osETH), worth roughly $19 million, and 13,495 osGNO tokens, worth up to $2 million, were traced and frozen through collaborative efforts.
The protocol has since paused all affected pools and stopped the creation of new stable pools until a permanent fix is deployed. Developers said no other versions of the Balancer pools were compromised, and that liquidity in unaffected pools remains secure.
White Hat Bounty and Ongoing Investigation
Balancer offered a 20% bounty to any ethical hacker or to the attacker themselves for returning the stolen assets. As of publication, no one has claimed the reward or initiated contact with the team. are continuing to trace the flow of stolen tokens across multiple DeFi platforms and mixers.
The team also thanked community responders who helped contain the incident, including developers from major DeFi projects that worked to block further withdrawals. “The swift cooperation across the ecosystem prevented even greater losses,” a Balancer representative said.
The attack follows several high-value DeFi breaches in recent months, renewing debate over the reliability of . Industry observers have questioned whether automated tools can detect complex logic flaws like the rounding exploit used here.
DeFi’s Broader Security Reckoning
The Balancer exploit comes amid rising pressure on DeFi platforms to tighten risk controls after a string of large-scale thefts. According to DefiLlama, losses from protocol hacks have surpassed $2.3 billion in 2025, with flashloan-enabled exploits accounting for a growing share.
Balancer’s engineers said they are conducting a full code review and coordinating additional third-party audits before reopening affected pools. The team added that lessons from the attack will inform new safeguard models for all future pool releases.







