Balancer Report Uncovers V2 Pool Flaw in $117M DeFi Exploit as Berachain Achieves Full Recovery

• Exploit trigger: A flaw in handling non-integer scaling factors during EXACT_OUT swaps bypassed pool supply limits.

• Attack impacted V2 pools on networks like Ethereum, Arbitrum, and Berachain, but was contained quickly to limit further damage.

• Recoveries include $21 million from StakeWise and full $12.8 million restitution on Berachain, highlighting effective cross-chain responses; total losses estimated at $117 million per analyst reports.

Discover the Balancer V2 exploit details, including causes, impacts, and recoveries in this 2025 DeFi breach analysis. Stay informed on smart contract vulnerabilities and protection strategies—read now for essential insights.

What is the Balancer V2 Exploit?

The Balancer V2 exploit was a significant DeFi security incident that resulted in the theft of more than $117 million from Composable Stable Pools due to a code vulnerability in legacy smart contracts. This breach, confirmed less than 48 hours prior, exploited a rounding error combined with batch-swap features to manipulate pool balances across various networks. While Balancer’s newer V3 system proved resilient and unaffected, the event exposed ongoing risks in older protocol designs.

How Did the Balancer V2 Exploit Unfold?

The incident commenced at 07:46 UTC on Monday, when security monitoring by Hypernative detected unusual activity in Balancer’s V2 Composable Stable Pools operating on Ethereum, Base, Avalanche, Arbitrum, Optimism, Polygon, Gnosis, Berachain, and Sonic. Attackers targeted the upscale function’s handling of EXACT_OUT swaps with non-integer scaling factors, enabling repeated drainage of funds while evading the protocol’s minimum pool supply restrictions. This was amplified by the deferred settlement mechanism in batchSwap, allowing manipulations that cascaded across chains.

Independent analysts, drawing from on-chain data, peg the total losses at approximately $117 million, though Balancer has yet to finalize these figures. The protocol swiftly implemented containment, such as pausing vulnerable pools and leveraging white-hat interventions to halt additional extractions. According to reports from security firms like SEAL Safe Harbor, these measures recovered or froze a substantial portion of the stolen assets, underscoring the value of real-time monitoring in DeFi ecosystems.

Experts in blockchain security, including those from auditing teams, have noted that such arithmetic precision issues are common in complex smart contracts. One anonymous auditor remarked, “Rounding errors may seem minor, but in high-value pools, they create exploitable gaps that demand rigorous mathematical validation during development.”

Frequently Asked Questions

What Networks Were Affected by the Balancer V2 Exploit?

The Balancer V2 exploit impacted Composable Stable Pools on Ethereum, Base, Avalanche, Arbitrum, Optimism, Polygon, Gnosis, Berachain, and Sonic, leading to drained funds totaling over $117 million. Balancer’s team paused operations on these networks and coordinated recoveries, ensuring V3 pools and non-stable variants remained operational and secure throughout the incident.

How Has Berachain Responded to the Balancer Exploit Losses?

Berachain fully recovered its $12.8 million loss from the Balancer V2 exploit through rapid validator actions, an emergency hard fork, and collaboration with a white-hat hacker who returned the funds. Operations resumed promptly, including HONEY minting, with Berachain’s Chief Smokey Officer emphasizing community protection as the top priority in halting the network temporarily.

Key Takeaways

• Smart contract vulnerabilities persist in legacy systems: The Balancer V2 exploit highlights how subtle code flaws like rounding errors can lead to massive losses, even in established DeFi protocols.
• Swift response mitigates damage: Monitoring tools like Hypernative and white-hat recoveries, including $21 million from StakeWise, prevented total devastation across affected chains.
• Full recoveries are possible with coordination: Berachain’s complete restitution of $12.8 million demonstrates the effectiveness of network halts and community-driven efforts in DeFi security.

Conclusion

The Balancer V2 exploit serves as a stark reminder of the intricate risks in DeFi smart contracts, where a single rounding error in Composable Stable Pools triggered over $117 million in losses across multiple blockchains. With partial fund recoveries ongoing through frameworks like SEAL Safe Harbor and full restitution achieved on Berachain, the incident reinforces the importance of advanced auditing and vigilant monitoring. As the DeFi sector evolves, protocols like Balancer are poised to enhance security in upcoming versions, urging users to prioritize verified updates and diversified strategies for long-term protection.

Preliminary report reveals code flaw in V2 pools while partner chains begin full recovery.

Less than 48 hours after confirming one of the largest decentralized finance (DeFi) breaches of the year, Balancer has released its preliminary incident report, detailing how a rounding error and batch-swap exploit drained more than $117 million from its V2 Composable Stable Pools across multiple networks.

The report follows a chaotic week that shook the DeFi sector, exposing vulnerabilities in legacy smart contracts even as Balancer’s newest version, V3, remains unaffected. In parallel, Berachain, one of the networks hit during the exploit, announced the recovery of its entire $12.8 million loss, marking one of the rare full restitution cases in DeFi history.

How the exploit unfolded

According to Balancer’s report, the attack began at 07:46 UTC on Monday, when monitoring system Hypernative flagged abnormal behavior across V2 Composable Stable Pools on Ethereum, Base, Avalanche, Arbitrum, Optimism, Polygon, Gnosis, Berachain, and Sonic.

The attacker exploited a flaw in the upscale function, specifically how EXACT_OUT swaps handled non-integer scaling factors, to manipulate pool balances.

Combined with the protocol’s batchSwap deferred settlement feature, the exploit allowed attackers to repeatedly drain funds while bypassing the minimum pool supply limit.

@media only screen and (min-width: 0px) and (min-height: 0px) {
div[id^=”wrapper-sevio-e0d3bc50-0aae-47cc-a8d7-f0c9a0cef941″] {
width: 320px;
height: 100px;
}
}
@media only screen and (min-width: 728px) and (min-height: 0px) {
div[id^=”wrapper-sevio-e0d3bc50-0aae-47cc-a8d7-f0c9a0cef941″] {
width: 728px;
height: 90px;
}
}

While Balancer has not confirmed final loss figures, the $117 million estimate remains the most cited by independent analysts. The protocol emphasized that V3 and all non-stable pool types were unaffected and that containment measures, including automated pausing of v6 pools and white-hat recoveries, prevented further losses.

Containment and partial fund recovery

Rapid intervention helped stem the damage across networks. Balancer credits Hypernative, SEAL Safe Harbor, and multiple white-hat teams for recovering or freezing a portion of affected funds. Among the mitigations:

1. StakeWise recovered roughly $19 million in osETH and $2 million in osGNO, totaling nearly 73% of affected assets.

Just half an hour earlier, StakeWise DAO emergency multisig has executed a series of transactions, recovering ~5,041 osETH (~$19M) and 13,495 osGNO (~$1.7M) tokens from the Balancer exploiter.
On Ethereum mainnet, this represents 73.5% of the ~6,851 osETH stolen earlier today,… pic.twitter.com/b43EGf92hm

— StakeWise (@stakewise_io) November 3, 2025

1. Sonic Labs froze attacker wallets linked to Beets Finance, a Balancer fork on Sonic.

At approximately 3:45 AM EST on November 3rd, 2025, the Sonic security team was notified of suspicious activity involving a potential exploit on the @Beets_Fi protocol.
As a precautionary measure, the team deployed a safety mechanism planned to be implemented in an upcoming…

— Sonic (@SonicLabs) November 3, 2025

1. BitFinding and Base MEV bots retrieved over $750,000 combined.

All funds were returned back to the @Balancer DAO pic.twitter.com/3qUBdb6hGw

— BitFinding (@BitFinding) November 4, 2025

Balancer confirmed that a full post-mortem will follow, with independent auditors and partners verifying on-chain data, frozen assets, and recovery actions before publishing final figures.

Berachain achieves full restitution

Meanwhile, Berachain confirmed the complete recovery of its $12.8 million lost during the Balancer exploit, crediting swift validator coordination and assistance from a white-hat hacker who returned the funds.

The network had halted block production within hours of detecting the exploit, freezing attacker activity and later issuing an emergency hard fork to prevent further transfers.

Berachain’s Chief Smokey Officer, Smokey The Bera, defended the controversial network halt: “When roughly $12 million of user funds are at risk, our priority is protecting the community. Pausing operations wasn’t ideal, but it prevented total loss.”

Berachain has since resumed all operations, including HONEY minting and redemption, and said it may issue a bounty reward to the white-hat contributor who helped return the assets.

The bigger picture: DeFi’s recurring pain point

While Balancer’s transparency and recovery coordination have been praised, the incident underscores a deeper issue within DeFi, complex smart contract design and fragmented auditing standards.

Composable architecture, once touted as a key DeFi innovation, continues to introduce hidden attack surfaces and security risks. Balancer’s miscalculated rounding logic is just the latest example of how minor arithmetic flaws can cascade into multimillion-dollar exploits across chains.

Balancer team cautioned that public estimates remain unofficial until reconciled through partner verification. It urged users to avoid interacting with affected pools and to monitor only its official X and Discord channels for updates.

The company says recovery efforts under the SEAL Safe Harbor framework continue, with zeroShadow and BitFinding tracing assets. A full post-mortem and migration plan to V3 are next.

For DeFi, the saga is another warning: even in “trustless” systems, safety still depends on human vigilance, and white-hats fixing what code can’t.

Also read: Balancer Attacker Begins Swapping Stolen Funds for ETH

Follow The COINOTAG on Google News to Stay Updated!