Balancer released a preliminary report on the vulnerability attack incident, saying that the composable stability pool of Balancer V2 was attacked on multiple chains (including Ethereum, Base, Avalanche, Polygon, Arbitrum, etc.) on November 4. The vulnerability stems from a rounding logic error for EXACT_OUT transactions in batch exchange (batchSwap), which attackers use to manipulate the balance of the pool and withdraw assets. This incident only affects the composable stability pool of Balancer V2, and Balancer V3 and other pool types are not affected.
The Balancer team worked quickly with security partners and white hat teams to contain the spread of the attack and recover some assets through measures such as Hypernative auto-pause, asset freeze, and white hat intervention under the SEAL framework. Among them, StakeWise has recovered about 73.5% of the stolen osETH, and teams such as BitFinding and Base MEV bot have also assisted in recovering some funds.
At present, Balancer is working with security partners such as SEAL and zeroShadow to conduct cross-chain tracking and fund recovery. The final verified loss and recovery data will be announced in the full technical review report. The official reminds users: V3 and unstable pool operations are still safe only by obtaining confirmation information through Balancer's official channels.
Balancer Releases Preliminary Report on Vulnerability Attack: Bulk Exchange Transaction Rounding Logic Error Exploited
2025-11-05 20:20:43
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
Balancer发布漏洞攻击事件初步报告:系批量兑换交易四舍五入逻辑错误被利用Next article:
OpenAI首席财务官:OpenAI尚未为上市做准备