One of Ethereum’s leading decentralized finance (DeFi) protocols has suffered a major cyber-attack, resulting in cryptocurrency losses estimated to exceed $120m.
Balancer is an automated market maker (AMM) and portfolio manager, allowing users to trade in crypto and earn money by providing liquidity to “Balancer pools.”
However, yesterday morning UK time, the firm experienced an attack targeting its Balancer V2 Composable Stable Pools.
“Our team is working with leading security researchers to understand the issue and will share additional findings and a full post-mortem as soon as possible,” it said in a post on X (formerly Twitter).
“Because these pools have been live onchain for several years, many were outside the pause window. Any pools that could be paused have been paused and are now in recovery mode.”
Balancer was at pains to point out that the attack didn’t affect any of its other pools, such as V3.
Security experts claimed the sophisticated raid exploited a “rounding down precision loss” in the Balancer Vault’s calculations.
“Each calculation rounded down, affecting token prices. The batchSwap function amplified this vulnerability, allowing attackers to manipulate prices through crafted parameters,” explained GoPlus Security.
“This attack highlights the critical importance of precision handling in DeFi protocols. Even small rounding errors can be weaponized through batch operations.”
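The effect GoPlus describes can be reproduced in a toy model. The added example below is not Balancer's Vault or stable-pool code and not the actual exploit path: it uses a constructed constant-product pool with tiny reserves to show how rounding the required input down lets the pool invariant fall a little on every step of a batch, and how rounding against the caller plus a post-batch invariant check stops it. All function names and values are hypothetical.

```python
# Toy constant-product pool in integer math. Constructed for illustration;
# this is not Balancer's stable-pool math or Vault code.

def div_down(a: int, b: int) -> int:
    """Integer division rounding toward zero (favours the caller here)."""
    return a // b

def div_up(a: int, b: int) -> int:
    """Integer division rounding up (favours the pool here)."""
    return -(-a // b)

def amount_in_for_out(x: int, y: int, dy: int, div) -> int:
    """Token-X input required to withdraw dy of token Y while keeping x*y >= k."""
    if not 0 < dy < y:
        raise ValueError("dy must be between 0 and the Y reserve")
    return div(x * dy, y - dy)

def run_batch(x: int, y: int, steps, div):
    """Apply a list of 'exact out' swaps; return final reserves and invariant drift."""
    k0 = x * y
    for dy in steps:
        x, y = x + amount_in_for_out(x, y, dy, div), y - dy
    return x, y, x * y - k0

def guarded_batch(x: int, y: int, steps, div):
    """Defensive wrapper: reject the whole batch if the invariant fell."""
    nx, ny, drift = run_batch(x, y, steps, div)
    if drift < 0:
        raise ArithmeticError(f"invariant decreased by {-drift}")
    return nx, ny

if __name__ == "__main__":
    steps = [1] * 5  # constructed batch of five small swaps
    print("one swap, round down: ", run_batch(10, 10, [5], div_down))
    print("batch, round down:    ", run_batch(10, 10, steps, div_down))
    print("batch, round up:      ", run_batch(10, 10, steps, div_up))
```

A single swap of the same total size leaves the invariant unchanged under round-down, which is why a check on each step in isolation can miss what the batch as a whole does.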
Phishing Messages Circulate
Balancer warned customers not to fall for an opportunistic phishing campaign attempting to piggyback on the news.
“Fraudulent messages claiming to be from the Balancer Security Team are circulating,” it wrote.
“These are not from us. Do not interact with unsolicited communications or click unknown links.”
It appears that the fraudster is offering the hackers a 20% “white-hat bounty” if they “return” the stolen funds to a third-party address. The fraudster claims to have enough blockchain forensic data to identify them if they do not cooperate.
That’s unlikely to work, given that most heists of this scale are carried out by North Korean actors. Threat actors stole $2.2bn from cryptocurrency platforms in 2024, with most (61%) of the funds taken by Pyongyang-aligned hackers, according to Chainalysis.
Worryingly, Balancer confirmed that it has “undergone extensive auditing by top firms” and runs bug bounty programs to incentivize researchers to find vulnerabilities in its platform. If true, it suggests that even nominally secure crypto firms have little defense against sophisticated attacks like this.

