Balancer Breach Tied to Batch Swap Rounding Bug; Investigation Ongoing

The decentralized finance platform Balancer has acknowledged a significant security breach affecting its V2 protocol and its forks on other chains.

Balancer Confirms ‘Significant’ V2 Exploit

The decentralized finance (DeFi) platform Balancer has acknowledged that a recent security breach targeting its V2 protocol and forks on other chains “was significant.” In its latest update, Balancer stopped short of confirming losses exceeding $100 million, stating that final impact figures are still under verification and will be disclosed only after multi-party validation.

The confirmation came more than 24 hours after Stakewise DAO announced it had recovered $20.7 million in digital assets from the attackers, with plans to return the funds to affected users. As reported by Bitcoin.com News and other outlets, Balancer reportedly lost more than $116 million after hackers exploited a vulnerability in smart contract interactions.

One analyst speculated that the attackers may have used techniques such as “vibe coding” or large language models to execute the exploit. However, in a preliminary report, Balancer identified the root cause as a flaw in the upscale function’s rounding logic.

The platform said that consistent rounding down in swaps designed to output exact amounts allowed attackers to extract value systematically. It explained:

“Attackers were able to exploit the incorrect rounding behavior in combination with the batchSwap functionality to manipulate pool balances and extract value. In many instances, the exploited funds remained within the Vault as internal balances before being withdrawn in subsequent transactions.”

Balancer said it is currently prioritizing mitigation and fund recovery while the investigation remains ongoing. It also disclosed that it maintains a continuously verified internal ledger tracking exploiter flows, whitehat rescues, frozen assets, recovered funds, and both protocol and user withdrawals. The platform urged users to disregard unofficial loss estimates circulating online.

FAQ 🧠

• What happened to Balancer’s DeFi protocol? Balancer confirmed a major exploit targeting its V2 and forked chains, with losses still under review.
• How much was reportedly stolen in the Balancer hack? Reports estimate over $116 million lost, though Balancer has not yet validated the final figure.
• What caused the vulnerability in Balancer’s smart contracts? A flaw in the upscale function’s rounding logic allowed attackers to manipulate pool balances.
• Has any of the stolen crypto been recovered? Stakewise DAO recovered $20.7 million, and Balancer is actively tracking and verifying fund flows.