Balancer hack: over $120 million stolen from DeFi protocol — suspected sophisticated exploit in smart contracts

04.11.2025 2 minutes Author: Newsman

Hackers stole over $120 million from the DeFi protocol Balancer after gaining the ability to manipulate balances in V2 pools. Despite 11 security audits, a vulnerability in the swap mechanics allowed the attacker to accumulate profit through repeated small distortions during token exchanges. The platform is investigating, and the DeFi market is once again facing the question of how reliable even verified smart contracts are.

Balancer confirmed that on November 3, 2025, it was the victim of a large-scale hack that affected Composable Stable Pools in Balancer V2. Losses are estimated at more than $128 million. Other pools, including V3, were not affected.

Initial assessments by the company and third-party researchers indicate that the incident is related to a rounding error in swap calculations. Each operation rounded down, creating the opportunity for small errors to compound through batch-swap calls. As a result, these “kopecks” turned into a multimillion-dollar profit.

Other experts suggest an alternative vector — problems with authorizations and callback logic in Balancer repositories, where the attacker allegedly modified the call logic during pool initialization and bypassed protection.

The Balancer team is working with external analysts, preparing a full report and warning users about a wave of phishing attacks disguised as “official” refund offers.

Balancer is one of the key DeFi protocols on Ethereum, allowing for the creation of liquidity pools with flexible token configuration. Despite 11 V2 audits since 2021, the incident once again demonstrates that even verified smart contracts can contain logical vulnerabilities.

This is one of the largest cryptocurrency hacks of 2025. The wider context reinforces the general trend:

  • Over $2 billion stolen in a year by hackers linked to North Korea

  • Largest incident — Bybit ($1.5 billion in February 2025)

  • DeFi remains a prime target for cybercriminals due to contract complexity and large liquidity balances

[Figure: Normalizing the number of tokens using scaling factors]

The Balancer hack once again exposed a fundamental problem with DeFi — the cryptographic code may be perfect, but the execution logic is not. The swap micro-imbalance attack shows cybercriminals’ shift to increasingly sophisticated mathematical exploits. For the industry, this is a signal for a change in approach: multiple audits are no substitute for active monitoring of anomalies and stress testing of contract logic.
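The rounding mechanism described earlier and the call for stress testing can be made concrete with an invariant check. The following is an added example, not Balancer's code: it assumes a toy constant-product pool in integer math (the pool model, function names and balances are constructed for illustration), runs a batch of small swaps, and reports the first swap that lowers the pool invariant, with a round-down quote beside a round-up one.

```python
# Toy constant-product pool (x * y = k) in integer math. Illustrative model
# only (an assumption of this example); it is not Balancer's stable-pool math.

def required_in_floor(x, y, out):
    """Input owed for `out` units of Y, rounded DOWN (error favours the trader)."""
    return (x * out) // (y - out)

def required_in_ceil(x, y, out):
    """Same quote rounded UP, so any rounding error stays in the pool."""
    return -((x * out) // -(y - out))  # ceiling division on integers

def run_batch(x, y, outs, quote):
    """Apply a batch of given-out swaps with the supplied quote function.

    Returns the final balances and the index of the first swap that lowered
    the invariant x*y (None if the invariant never decreased).
    """
    first_violation = None
    for i, out in enumerate(outs):
        k_before = x * y
        x, y = x + quote(x, y, out), y - out
        if x * y < k_before and first_violation is None:
            first_violation = i
    return x, y, first_violation

# Constructed sample: 1,000 X against 5,000 Y, then 200 swaps of one unit each.
BATCH = [1] * 200
FLOOR_RESULT = run_batch(1_000, 5_000, BATCH, required_in_floor)
CEIL_RESULT = run_batch(1_000, 5_000, BATCH, required_in_ceil)

if __name__ == "__main__":
    for name, (x, y, bad) in (("floor", FLOOR_RESULT), ("ceil", CEIL_RESULT)):
        print(f"{name}: x={x} y={y} first invariant drop at swap {bad}")
```

The same check, that the invariant never decreases across any sequence of operations, works as a property test before deployment and as an alert condition in on-chain monitoring.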
