On November 3, 2025, one of the most advanced automated market maker (AMM) platforms, Balancer Protocol, fell victim to a sophisticated exploit.
Initial reports estimated losses between $100 million and $128 million across multiple blockchains, though later assessments revised the figure down to around $70 million.

A Tiny Precision Bug

An attacker exploited a rounding error in Balancer V2's pool math, using two of the protocol's advanced features, batch swaps (which this article calls batch transactions) and composable pools, to turn a tiny flaw into a multimillion-dollar exploit.

💡 Batch transactions (batchSwap in the Balancer V2 Vault) let a trader chain several buys and sells within a single transaction, even without holding enough of the intermediate tokens, as long as the net position settles at the end. In effect they work like a built-in flash loan: every leg of the trade settles in one go.
💡 Composable pools are liquidity pools whose receipt tokens (Balancer Pool Tokens, or BPTs) can themselves be held inside other pools. This creates "pool-of-pools" structures, where one pool holds another pool's BPT alongside regular assets such as USDC, ETH, or stETH. The result is better capital efficiency: liquidity and yield from lower-level pools can be reused higher up the stack.

These two features together amplified the bug. A rounding error costs at most a fraction of one unit per operation, so it only matters when the amounts being rounded are themselves tiny; once a pool is in that state, rounding in the pool's price math can materially understate the BPT price, and that is what the attacker exploited. By cycling through the mispriced BPT about 65 times inside a single batch, the attacker compounded what would otherwise be dust into a large arbitrage gain.
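To make the two mechanisms concrete, here is a constructed toy model, added to this article and not taken from Balancer's code. It uses a deliberately simple single-asset share pool (shares standing in for BPT) rather than Balancer's stable-pool invariant, a hypothetical `favour_pool` flag that switches the rounding direction, and made-up balances; none of these come from the incident. It shows why a sub-wei rounding error is negligible at normal balances but decisive once a pool holds only a few wei, and why repeating the mispriced join/exit inside one batch compounds it.

```python
# Added example (not Balancer's code): a constructed toy share pool used to show
# (1) why a rounding error of under one wei is harmless at normal balances but
# becomes a large fraction of a pool that has been drained to a few wei, and
# (2) how repeating the mispriced operation inside one batch compounds it.
# The pool below is a single-asset share pool, not Balancer's stable invariant.

ONE = 10**18  # 18-decimal fixed point, the usual convention in EVM DeFi math


def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply rounding toward zero, as a typical mulDown helper does."""
    return a * b // ONE


def ceil_div(a: int, b: int) -> int:
    """Integer division rounding up (b > 0)."""
    return -(-a // b)


def relative_loss(x: int) -> float:
    """Relative error from rounding x * (1 - 1e-18) down to a whole number of wei.

    The absolute error is always below one wei, but the relative error is
    about 1/x: negligible for a 1-token (1e18 wei) balance, 10% for 10 wei.
    An attacker therefore has to push balances down before a rounding slip
    is worth anything; that is the 'certain conditions' of the article."""
    exact = x * (ONE - 1) / ONE
    return (exact - mul_down(x, ONE - 1)) / exact


class ToyPool:
    """`supply` shares (think BPT) jointly own `balance` tokens.

    favour_pool=True rounds every amount the pool mints or pays out DOWN, the
    direction a correct implementation uses. favour_pool=False rounds in the
    user's favour and is a hypothetical stand-in for a rounding bug, not the
    actual defect in Balancer V2."""

    def __init__(self, balance: int, supply: int, favour_pool: bool = True):
        assert balance > 0 and supply > 0
        self.balance, self.supply, self.favour_pool = balance, supply, favour_pool

    def _round(self, num: int, den: int) -> int:
        return num // den if self.favour_pool else ceil_div(num, den)

    def share_price(self) -> int:
        """Tokens per share, 18-decimal fixed point (rounded down)."""
        return self.balance * ONE // self.supply

    def join(self, amount: int) -> int:
        """Deposit `amount` tokens and receive amount * supply / balance shares."""
        minted = self._round(amount * self.supply, self.balance)
        self.balance += amount
        self.supply += minted
        return minted

    def exit(self, shares: int) -> int:
        """Burn `shares` and receive shares * balance / supply tokens."""
        out = self._round(shares * self.balance, self.supply)
        self.balance -= out
        self.supply -= shares
        return out


def drain(balance: int, supply: int, deposit: int, rounds: int,
          favour_pool: bool) -> tuple[int, int]:
    """Join then exit `rounds` times, as a single batch would, settling only
    the net at the end. Returns (attacker net profit in tokens, final balance)."""
    pool = ToyPool(balance, supply, favour_pool)
    profit = 0
    for _ in range(rounds):
        if pool.balance == 0:  # nothing left to take
            break
        shares = pool.join(deposit)
        profit += pool.exit(shares) - deposit
    return profit, pool.balance


if __name__ == "__main__":
    print(f"relative loss at 1 token: {relative_loss(ONE):.1e}")  # ~0
    print(f"relative loss at 10 wei:  {relative_loss(10):.2f}")   # 0.10
    # User-favourable rounding on a 10-wei pool: 6 round trips take 7 of 10 wei.
    print(drain(10, 3, 1, 6, favour_pool=False))                   # (7, 3)
    # The same bug on a 1000-token pool: 65 round trips net only 195 wei.
    print(drain(10**21, 3 * 10**20, 1, 65, favour_pool=False))     # (195, 10**21 - 195)
    # Correct rounding direction: the attacker can never come out ahead.
    print(drain(10, 3, 1, 6, favour_pool=True))                    # (-6, 16)
```

The check a reviewer of pool math wants is the last case: with every minted or paid-out amount rounded in the pool's favour, a join/exit round trip can never return more than was deposited, whatever the balances, so no number of repetitions in a batch helps the attacker. With the direction flipped, the per-operation gain is still only a unit or two, which is why the large-pool case yields wei while the drained-pool case yields most of the pool.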

Decentralized, Immutable — Until They’re Not

Balancer’s preliminary incident report revealed a core irony of decentralized finance. The very features meant to make protocols autonomous and “unstoppable” were, in this case, overridden to contain damage.

Some of the affected pools, notably ComposableStablePool v6 (CSPv6) deployments, included built-in emergency controls that could be triggered on each chain where they were deployed. These pauses effectively froze liquidity: a centralized intervention within what is supposed to be a permissionless system.

Other projects connected to Balancer followed suit, showing just how thin the line between decentralization and administrative control can be:

  • StakeWise recovered about 5,041 osETH (around $19 million) and 13,495 osGNO (around $1.7 million), roughly 73% of the stolen assets, through its DAO multisig. The foundation later admitted this was possible only because of a code loophole that let administrators seize user tokens, and pledged to remove that capability.
  • Berachain Foundation went further, halting its entire blockchain and performing a hard fork to roll the ledger back to its pre-hack state. Few asked what an append-only chain architecture is worth if its operators can rewrite it at will.
  • Sonic Labs, operator of Beets (a Balancer V2 fork on Sonic), initiated an emergency freeze on attacker wallets, halting any transfers or conversions of compromised funds.
  • Monerium froze about 1.3 million EURe stablecoins in affected vaults to prevent further movement.
  • Gnosis, in coordination with Monerium, imposed temporary bridge restrictions, blocking outbound cross-chain transfers that could have dispersed stolen funds.

Balancer also reports that BitFinding, an IT security firm, claimed to have “clawed back” roughly $600,000 of assets on Ethereum mainnet — though no details were provided on how such a “clawback” is possible in a decentralized network.

Finally, Balancer noted that major liquidity providers, including Crypto.com (around $800,000 in cdcETH/wstETH) and Ether.fi (around $1 million in eBTC/wBTC), were allowed to withdraw funds from paused pools — a move reminiscent of priority treatment in traditional banking crises.

The difference is that traditional financial systems operate under external regulators who define when and how funds can be clawed back, and in what order. In the decentralized world, “code is law” was supposed to serve that role — yet, as this episode shows, the code is neither well-written nor truly law.
