Balancer pins $116.6M multi-chain exploit on rounding bug in swap "upscale" function; recovery and pool pauses underway
first published 2025-11-06T13:54:40Z
Balancer traced the Nov. 3 exploit to a rounding bug in its "upscale" function used during swaps, which attackers abused to manipulate pool balances and siphon funds before withdrawing. The breach drained $116.6M across Ethereum, Arbitrum, Base and Polygon (notably 6,587 WETH, 6,851 osETH and 4,260 wstETH). StakeWise recovered ~$19M (≈73.5%) of osETH for users. Mitigations: affected pools paused, new pool creation and rewards halted, partners blocked/froze assets, whitehats reclaimed some funds; a final reconciled report will be published after verifications.
AI Analysis
The exploit was caused by a concrete rounding-bug in the protocol's "upscale" swap function that allowed manipulation of pool balances and removal of funds; $116.6M was drained across multiple chains and large token quantities were taken. Recovery actions (paused pools, halted new pools/rewards, partner freezes, whitehat recoveries and StakeWise reclaiming ~$19M osETH) are ongoing, indicating material short-term risk to Balancer liquidity and user funds.
Expected Investor Sentiment: Bearish
Potential Market Impact: High
Source Articles
- Balancer identifies root cause of $116m hack - Crypto News
- 'Shall We Be Concerned?': PeckShield Alerts of Next Major DeFi Risk Worth $27 Million - U.Today
- JPMorgan: Bitcoin Looks Cheap Compared to Gold, Bitcoin Price to $170,000 - Bitcoin Magazine
- Jurors ask pointed questions in MEV bot trial as deliberations proceed - Cointelegraph
