Balancer Exploit: How a Small Rounding Error Caused a $120 Million DeFi Breach

2025-11-08

Balancer, one of the earliest and most respected decentralised exchanges in DeFi, suffered a severe exploit on 3 November 2025 that drained more than $120 million from Balancer V2 pools and from forks of the protocol.

The breach was caused by a rounding error in the fixed-point integer arithmetic of the protocol's pool contracts.

Although each individual rounding error was worth only a fraction of a token, it was enough to let the attacker distort the pool's view of its own balances and drain liquidity pools across multiple blockchains.

This event has not only shaken confidence in DeFi security but also prompted discussions about the reliability of audits and testing standards for smart contracts.

How the Balancer Exploit Unfolded

According to blockchain security firm SlowMist, the vulnerability originated from a precision-loss bug in Balancer's Composable Stable Pools. These pools are designed for assets expected to trade near parity, such as USDC and USDT or staked-ETH tokens against ETH, and their stable-swap pricing is particularly sensitive to arithmetic precision.

The exploit began when the attacker took advantage of a rounding error in how Balancer's code applied scaling factors to token balances and amounts when preparing swap calculations.

The attacker first exchanged Balancer Pool Tokens (BPT) for underlying tokens to reduce the pool's liquidity, leaving the remaining balances small enough that a one-unit rounding error became a large fraction of the balance. They then executed a series of rapid trades involving tokens such as osETH and WETH.

Each trade generated a small arithmetic rounding difference, and although these variations were minimal, they accumulated over hundreds of transactions.

By using Balancer's batch swap function, which executes multiple swaps in a single transaction, the attacker could repeat the discrepancy many times at once. Over the batch, the protocol calculated a higher token output than was actually owed, handing the attacker an artificial profit.

After accumulating sufficient advantage, the attacker reversed earlier trades to make the on-chain data appear normal, concealing the manipulation.

Blockchain analysis revealed that the stolen funds were moved through Tornado Cash to hide the origin, then routed across multiple networks including Arbitrum, Polygon, Base, Avalanche, and Optimism. 

Forensic teams later put the losses at around $116 million. Balancer's emergency response paused newer pools, but older pools, which no longer had a working pause mechanism, remained exposed, and most of the damage occurred there.


What the Breach Revealed About DeFi’s Weaknesses

The Balancer exploit exposed a critical weakness in DeFi: even well-audited protocols are not immune to arithmetic precision errors.

Balancer V2 had previously undergone more than ten audits by leading firms such as OpenZeppelin, Trail of Bits, and Certora. Despite these reviews, the flaw persisted in the scaling function known as "upscale", which converts token balances and amounts into the pool's internal fixed-point representation for swap calculations, including batch swaps.

The issue stemmed from the direction in which the integer arithmetic rounded fractional results: in the affected path it rounded in the trader's favour rather than the pool's. AMM code must round every intermediate value in the pool's favour, because an advantage of even one unit per operation can be repeated without limit and extracted as tokens.
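The two mechanisms described above, rounding loss at wei-scale balances and a quote that rounds in the trader's favour, as an added example that is not Balancer's code and not from the original article. `mul_down` and `mul_up` model the semantics of Balancer's 18-decimal FixedPoint helpers (an assumption about that library); the pool is a constructed constant-product toy rather than Balancer's stable-swap invariant, so only the rounding behaviour, not the exact pricing, carries over. The `drain` function repeats a 1-wei exact-out purchase as a batch swap would, once with the inbound amount rounded down (the bug) and once rounded up (the safe direction), and reports whether the pool's product invariant survived:

```python
"""Rounding-direction demo for AMM fixed-point math.

Added example, not Balancer's code. mul_down/mul_up model the semantics of
Balancer's 18-decimal FixedPoint helpers (an assumption about that library);
the pool below is a constructed constant-product toy, not Balancer's
stable-swap invariant. Balances are wei-scale integers, as on chain.
"""
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed-point unit


def mul_down(a: int, b: int) -> int:
    """a*b in fixed point, rounded toward zero."""
    return a * b // ONE


def mul_up(a: int, b: int) -> int:
    """a*b in fixed point, rounded up: +1 unless the product is exactly 0."""
    product = a * b
    return 0 if product == 0 else (product - 1) // ONE + 1


def upscale(amount: int, scaling_factor: int, round_up: bool = False) -> int:
    """Convert a token amount into the pool's internal 18-decimal units.
    scaling_factor bundles token decimals and, for yield tokens, the rate."""
    return mul_up(amount, scaling_factor) if round_up else mul_down(amount, scaling_factor)


def precision_loss(amount: int, scaling_factor: int) -> Fraction:
    """Fraction of the exact scaled value discarded by rounding down."""
    exact = Fraction(amount * scaling_factor, ONE)
    return (exact - upscale(amount, scaling_factor)) / exact


def quote_exact_out(bal_in: int, bal_out: int, amount_out: int, round_in_up: bool) -> int:
    """Constant-product quote: wei of token_in owed for amount_out wei of token_out.
    Pool-safe code rounds the amount the trader owes UP; rounding it DOWN is the bug."""
    if amount_out >= bal_out:
        raise ValueError("insufficient liquidity")
    numerator = bal_in * amount_out
    denominator = bal_out - amount_out
    if round_in_up:
        return (numerator + denominator - 1) // denominator
    return numerator // denominator


def drain(bal_in: int, bal_out: int, steps: int, round_in_up: bool):
    """Buy 1 wei of token_out `steps` times, as one batch swap would.
    Returns (wei paid, wei received, product before, product after)."""
    paid = received = 0
    k_before = bal_in * bal_out
    for _ in range(steps):
        amount_in = quote_exact_out(bal_in, bal_out, 1, round_in_up)
        bal_in += amount_in
        bal_out -= 1
        paid += amount_in
        received += 1
    return paid, received, k_before, bal_in * bal_out


if __name__ == "__main__":
    rate = 104 * 10**16  # constructed scaling factor: 1.04 in 18-decimal fixed point
    for amount in (8, 8 * 10**18):
        print(f"upscale({amount}) loses {float(precision_loss(amount, rate)):.4%} to rounding")
    for round_in_up in (False, True):
        paid, got, k0, k1 = drain(8, 10, 5, round_in_up)
        print(f"round_in_up={round_in_up}: paid {paid} wei for {got} wei, product {k0} -> {k1}")
```

At a balance of 8 wei the same scaling factor that is exact at 8 ETH discards almost 4% of the value, and with the inbound amount rounded down the first 1-wei purchase is free and the pool's product falls from 80 to 65 after five swaps; with it rounded up the product never decreases. A cheap regression check for any AMM is exactly that last property: assert the invariant is non-decreasing after every swap, including at single-digit-wei balances.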

What made the incident even more concerning was that Balancer had experienced a similar rounding issue two years earlier, though that version caused much smaller losses. 

The recurrence suggested that arithmetic precision remains an overlooked area in DeFi development. 

Smart contracts chain interdependent calculations, and a rounding discrepancy in one step can be compounded across thousands of transactions.

After the exploit, Balancer’s total value locked dropped sharply. Data from DeFiLlama showed that its TVL fell from $442 million to $214 million within 24 hours and later dropped below $190 million. 

Liquidity providers rushed to withdraw funds, fearing further exploits. In response, Balancer disabled the creation of new Composable Stable Pools, halted emissions from affected gauges, and activated a recovery withdrawal mode to allow users to reclaim assets safely.

Industry partners such as StakeWise DAO and the Berachain Foundation contributed to the recovery process. 

StakeWise managed to recover about $19 million worth of osETH, while Berachain froze $12 million in stolen funds. Gnosis and Monerium also froze around €1.3 million in EURe stablecoins. 

Despite these efforts, most of the funds remained unrecovered, as the attacker converted assets into ETH and scattered them across multiple wallets.

Balancer’s Negotiation and Industry Response

In a surprising turn of events, Balancer Labs began negotiations with the hacker on 8 November 2025, just five days after the exploit. 

The protocol’s developers sent an on-chain message offering a bounty to the attacker in exchange for returning the stolen funds. They assured that no legal or investigative actions would be pursued if the hacker cooperated by the following day. 

However, if the attacker refused, Balancer promised to escalate the case through on-chain forensics and potential legal channels.

The move demonstrated Balancer’s willingness to prioritise fund recovery over punishment, a strategy that has proven effective in previous DeFi hacks. 

Similar approaches have helped projects like Beanstalk recover lost assets, showing that negotiation can sometimes lead to peaceful resolutions. Balancer also announced that whistleblowers who assisted in identifying the hacker would receive compensation.

The protocol’s “war room” response involved close collaboration with cybersecurity firms and blockchain researchers to trace remaining stolen funds. 

Hypernative’s monitoring system, which had automatically paused newer pools during the attack, was credited for preventing even larger losses.

This incident reignited discussions across the DeFi sector about the need for better auditing, precision handling, and real-time monitoring systems. 

Experts called for new standards that include stress tests at extreme balances and amounts, simulated attacks, and on-chain anomaly detection to prevent similar arithmetic-based exploits in the future.

Meanwhile, the broader crypto market remained relatively stable. Ethereum, which hosted much of the stolen liquidity, traded around $3,434 with a market capitalisation of over $414 billion. Analysts noted that the quick containment of the exploit helped prevent wider market panic.


Conclusion

The Balancer exploit of November 2025 stands as one of the largest and most technically complex DeFi breaches of the year. A single arithmetic rounding error led to the loss of more than $120 million across multiple networks. 


Although Balancer and its partners have recovered a portion of the stolen assets, the attack revealed deep vulnerabilities in DeFi protocols, particularly those related to mathematical precision and cross-chain security.

For traders looking for a safer and more reliable experience, Bitrue offers a secure platform for buying, selling, and storing crypto assets. Its robust security framework, user-friendly design, and consistent transparency make it one of the most trusted exchanges for managing digital assets safely.

FAQ

What caused the Balancer exploit?

The exploit was caused by a small rounding error in the arithmetic used within Balancer’s smart contracts, which allowed attackers to manipulate token balances and drain liquidity pools.

How much was stolen in the Balancer exploit?

The total loss was estimated at around $120 million across multiple networks, including Ethereum, Base, Arbitrum, and Polygon.

Was Balancer able to recover any funds?

Yes, some funds were recovered through collaborative efforts involving StakeWise DAO, Berachain, and Gnosis, although the majority remains unrecovered.

Did Balancer contact the hacker?

Yes, Balancer sent an on-chain message offering a bounty to the hacker in exchange for returning the stolen assets without facing legal consequences.

How can traders protect their crypto from similar exploits?

No custody choice removes risk entirely. Holding assets on a regulated exchange such as Bitrue moves smart-contract risk to the custodian, while users who stay in DeFi should watch for protocol announcements, use recovery or withdrawal modes when a pool is affected, and prefer pools that retain a working pause mechanism and active monitoring.
