Balancer V2 Hack 2025 — $121M Exploit Analysis

An attacker exploited arithmetic rounding in Balancer's ComposableStablePool invariant combined with batchSwap to drain ~$121.1M across six chains in under 30 minutes.

Details

Full Description

On November 3, 2025, Balancer V2 was exploited through an arithmetic precision-loss bug in the ComposableStablePool invariant calculations, specifically in the _upscaleArray rounding logic. Combined with batchSwap operations, the attacker drained approximately $121.1M (initially reported as $128.6M) across six chains in under 30 minutes. A coordinated whitehat response under the SEAL Safe Harbor framework secured approximately $45.7M.

Laundering Analysis

No laundering activity observed. ~$45.7M secured via coordinated whitehat SEAL Safe Harbor response; remaining funds unrecovered.

Sources

Transaction Hashes

Related Hacks

Back to Browse