Balancer hack: Rounding bug in upscale triggered $116.6M

Balancer teams issued a Balancer hack analysis after the incident on Nov 3, outlining how an original report and the Balancer incident report traced crypto asset flows, recovery steps and mitigation plans for affected users across paused pools.

What caused the Balancer hack upscale function rounding bug and cross network asset drain?

Protocol engineers traced the failure to an upscale function rounding bug that distorted token scaling during swaps. In this context, non-integer scaling factors produced small arithmetic discrepancies.

Consequently, attackers amplified those errors through repeated transactions and extracted liquidity across chains.

On Nov 3, Balancer reported losses totalling $116.6 million. The breach touched multiple networks and tokens, requiring immediate containment.

How did the bug enable the drain?

The bug altered internal scaling calculations. As a result, tiny rounding differences grew with large swap volumes. That produced exploitable pool imbalances that allowed quiet vault transfers before final withdrawals.

Which assets were affected?

• 6,587 WETH
• 6,851 osETH
• 4,260 wstETH

How did security partners freeze pools and coordinate whitehat asset recovery efforts after the Balancer hack?

Immediate mitigation came from protocol teams and external partners. They enacted emergency steps to security partners freeze pools and halt vulnerable operations. Meanwhile, automated bots and white-hat groups began tracing and intercepting flows.

The coordinated response combined on-chain forensics, multisig freezes and negotiated returns. That said, some attacker-converted assets moved into ETH and remain irretrievable.

Did StakeWise actions affect the outcome during stakewise oseth recovery after the Balancer hack?

StakeWise led targeted restitution for its exposure. According to disclosed figures, it recovered $19M, roughly 73.5% of the drained osETH, and will return funds to affected users based on pre-incident balances.

What role did whitehat asset recovery efforts play?

Whitehat teams returned assets and supplied forensic leads that improved traceability. Moreover, their activity reduced net losses and aided coordination between affected projects and security partners.

Security experts emphasise the broader lesson: arithmetic edge-cases in token scaling pose systemic risk and demand stricter type checks.

As the original report notes, “Balancer identified a rounding bug” in the upscale logic, and independent reviewers recommend full reconciliations. Consequently, protocols should prioritise audits and standardized testing to close similar attack vectors.

Remaining work includes reconciliations and legal steps to secure residual funds. Some movement figures remain under review and are marked as [data to verify].

Independent audits and continuous monitoring are essential for long-term risk reduction.