
Balancer preliminary report released! The staking function vulnerability causes a $116 million disaster

Decentralized Finance Protocol Balancer Team Releases Preliminary Post-Incident Analysis Report, Explaining the Vulnerability That Led to $116 Million in DeFi Funds Being Stolen

This week, Balancer suffered a sophisticated code attack affecting its v2 Stable Pools and Composable Stable v5 Pools, resulting in the theft of funds. The attacker combined the use of BatchSwaps and exploited a flaw in the rounding functions within the stable pools to drain assets from the pools.

Rounding Function Vulnerability and the Deadly Combination with BatchSwaps

Balancer Attack Incident Report

(Source: X)

Earlier this week, Balancer experienced a complex code exploit targeting only its v2 Stable Pools and Composable Stable v5 Pools, while other pool types remained unaffected. The precision targeting indicates that the attacker had an in-depth understanding of Balancer’s codebase, allowing them to identify vulnerabilities specific to certain pool types and avoid more secure pools.

The attacker leveraged BatchSwaps—which enable users to bundle multiple operations, including flash loans (short-term loans borrowed and repaid within a single transaction)—and exploited a flaw in the rounding functions used during EXACT_OUT swaps in stable pools. The combination of these techniques was key to the attack’s complexity.

Rounding functions are a seemingly minor but critically important detail in financial systems. They are designed to round down token prices to prevent precision loss that could cause calculation errors. However, the attacker manipulated these rounding values and combined this with batch swap functionality to siphon funds from the stablecoin pools. Balancer’s team noted in their report: “In many cases, stolen funds remain as internal balances within the vault, which can then be extracted through subsequent transactions.”

The brilliance of this attack lies in exploiting the cumulative effect of tiny rounding errors. While a single rounding discrepancy might be just a fraction of a cent—negligible in isolation—bundling thousands or tens of thousands of such transactions with BatchSwaps causes these small errors to accumulate into significant sums. The use of flash loans further amplifies this effect, allowing the attacker to borrow large amounts of capital within a single transaction, perform arbitrage, repay the loan, and extract profits—all without initial capital.

Technical Breakdown of the Attack

  • BatchSwaps Bundling Attack: Packing thousands of small arbitrage operations into one transaction, accumulating rounding errors into a substantial amount

  • Flash Loan Leverage: Borrowing large sums without initial capital, scaling the attack’s size by hundreds of times

  • EXACT_OUT Vulnerability Exploitation: Targeting specific swap types with rounding function weaknesses to bypass other security checks

From a technical perspective, this attack exposes systemic risks in DeFi protocols related to numerical precision handling. Smart contracts must balance computational efficiency with numerical accuracy, but this balance can be exploited. While Balancer’s rounding functions work well under normal conditions, they become vulnerable under extreme operations like large-scale batch transactions.
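To make the rounding-direction point concrete, here is a constructed illustration (added for this write-up, not Balancer's code and not its stable-pool math): a toy constant-product pool in plain integers, with the EXACT_OUT quote computed once rounding down and once rounding up. The defender's check is simple: after any swap, the pool invariant must never be lower than before. Rounding the trader's required input down lets the invariant slip by a few units per swap, and a loop of many small swaps (standing in for the bundling the article describes) shows how those units accumulate. All reserves and amounts below are made-up small numbers; a real pool uses 18-decimal fixed point, but the direction rule is the same.

```python
from dataclasses import dataclass


def div_down(a: int, b: int) -> int:
    """Integer division rounded down (floor for non-negative operands)."""
    return a // b


def div_up(a: int, b: int) -> int:
    """Integer division rounded up: the safe direction when computing what a trader owes."""
    return -(-a // b)


def quote_exact_out(reserve_in: int, reserve_out: int, amount_out: int, round_up: bool) -> int:
    """Amount the trader must pay to receive exactly `amount_out` from a constant-product pool.

    Exact answer: reserve_in * amount_out / (reserve_out - amount_out).
    Rounding that quote down favours the trader; rounding it up favours the pool.
    """
    if amount_out <= 0 or amount_out >= reserve_out:
        raise ValueError("amount_out must be positive and below the output reserve")
    numerator = reserve_in * amount_out
    denominator = reserve_out - amount_out
    return div_up(numerator, denominator) if round_up else div_down(numerator, denominator)


@dataclass
class ToyPool:
    """Two-token pool with reserves x and y and invariant k = x * y (constructed example)."""
    x: int
    y: int

    def invariant(self) -> int:
        return self.x * self.y

    def swap_exact_out(self, out_token: str, amount_out: int, round_up: bool) -> int:
        """Give the trader exactly `amount_out` of `out_token`; return what they paid."""
        if out_token == "y":
            amount_in = quote_exact_out(self.x, self.y, amount_out, round_up)
            self.x += amount_in
            self.y -= amount_out
        elif out_token == "x":
            amount_in = quote_exact_out(self.y, self.x, amount_out, round_up)
            self.y += amount_in
            self.x -= amount_out
        else:
            raise ValueError("out_token must be 'x' or 'y'")
        return amount_in


def simulate(rounds: int, round_up: bool, amount_out: int = 3) -> dict:
    """Run `rounds` back-and-forth EXACT_OUT swaps and audit the invariant after each one.

    Returns the initial and final invariant and how many individual swaps
    lowered it. A correctly rounded pool must report zero violations.
    """
    pool = ToyPool(x=1000, y=1000)  # constructed starting reserves
    initial_k = pool.invariant()
    violations = 0
    for _ in range(rounds):
        for token in ("y", "x"):
            before = pool.invariant()
            pool.swap_exact_out(token, amount_out, round_up)
            if pool.invariant() < before:
                violations += 1  # the pool just gave away value through rounding
    return {
        "initial_k": initial_k,
        "final_k": pool.invariant(),
        "drift": pool.invariant() - initial_k,
        "invariant_violations": violations,
    }


if __name__ == "__main__":
    for mode in (False, True):
        result = simulate(rounds=50, round_up=mode)
        print(f"round_up={mode}: {result}")
```

The single-swap quote already shows the gap: paying for 3 units out of a 1000/1000 pool costs 3 when rounded down and 4 when rounded up, and only the latter keeps `(x + in) * (y - out) >= x * y`. The loop is the part that matters for this incident: each rounding loss is tiny, but nothing prevents the same step being repeated thousands of times inside one transaction, so an invariant-never-decreases assertion after every swap is the kind of check that turns a silent drift into a loud failure.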

Attacker Identity and Preparation Process

The attackers were likely highly skilled professionals who prepared for months prior to the attack. They funded their operation with a series of small Tornado Cash deposits—each around 0.1 ETH—to avoid detection. Tornado Cash is a privacy mixer service that obfuscates transaction trails, making it a preferred tool for cybercriminals.

Using small deposits like 0.1 ETH is a common anti-tracking tactic. Instead of transferring large sums at once—triggering alerts from blockchain analysis tools—they split their funds into hundreds or thousands of small transactions. This “dusting” approach makes tracing the source of funds extremely difficult, even for advanced blockchain analytics.

The detail that the attackers “prepared for months” indicates a highly planned operation. They likely spent considerable time studying Balancer’s code, testing attack vectors in simulated environments, and designing ways to extract funds. Such extensive preparation requires deep technical expertise, thorough understanding of DeFi protocols, and familiarity with blockchain analysis techniques.

According to Deddy Lavid, CEO of blockchain security firm Cyvers, this was one of the most “complex” attacks seen in 2025. Cyvers specializes in monitoring blockchain transactions and detecting anomalies, and their assessment underscores the sophistication involved. The “most complex” label reflects the attack’s innovative techniques, stealth, and precise execution.

This incident underscores the vulnerability of publicly accessible wallets, liquidity pools, and on-chain funds to evolving cyber threats. While open-source transparency allows for thorough auditing, it also enables malicious actors to identify and exploit vulnerabilities. Developers must assume that attackers possess equal or greater technical capabilities, emphasizing the importance of rigorous security practices.

Recovery Progress and Community Collaboration

Balancer Fund Recovery

(Source: X)

Balancer, in collaboration with cybersecurity partners and other DeFi protocols, has managed to recover or freeze some of the stolen funds, including approximately $19 million worth of 5,041 StakeWise staked ETH (osETH) and up to $2 million worth of 13,495 osGNO tokens. The total recovered amount is around $21 million, accounting for roughly 18% of the total stolen funds. While this does not fully compensate for the loss, it represents a relatively successful recovery in DeFi hacking incidents.

The ability to recover or freeze funds highlights the importance of ecosystem cooperation. Both osETH and osGNO are tokens tied to specific protocols, whose teams could identify and freeze suspicious addresses. Such collaboration is especially vital in decentralized environments, where no central authority can enforce freezes. Instead, protocols must voluntarily cooperate, share intelligence, and coordinate actions.

The team has paused all affected pools and disabled the creation of new “vulnerable” pools until security issues are addressed. This is a painful but necessary step. Pausing pools temporarily prevents further exploitation but also inconveniences legitimate users and impacts reputation. However, allowing vulnerable pools to remain operational would pose greater risks of further losses, making the suspension the responsible choice.

Balancer is offering a 20% bounty to white-hat hackers and even malicious actors to recover stolen funds. As of now, no one has claimed the bounty. A 20% reward on approximately $23 million amounts to about $4.6 million. Several reasons could explain why no one has claimed it:

  • Hackers may be reluctant to reveal their identities, fearing legal repercussions or arrest.

  • They might believe they can successfully launder and extract all funds without sharing any portion.

  • It could be an organized crime group or state-sponsored operation prioritizing reputation over monetary gain.

Summary of Balancer’s Response Measures

  • Immediate Action: Paused affected pools immediately upon discovering the attack to prevent further losses

  • Community Collaboration: Worked with protocols like StakeWise and Gnosis to freeze stolen tokens

  • Transparent Communication: Released initial reports quickly to explain the attack and response

  • Financial Incentives: Offered a 20% bounty to incentivize recovery efforts, though currently unclaimed

This incident underscores the ongoing security challenges in DeFi and the critical importance of thorough audits. It also highlights the need for continuous vigilance and robust security practices to protect user funds in an evolving threat landscape.
