$25 822 000 USD

NOVEMBER 2025

GLOBAL

BALANCER

DESCRIPTION OF EVENTS

Balancer is an automated portfolio manager and decentralized exchange protocol that optimizes cryptoasset management on Ethereum and other EVM-compatible blockchains. It enables liquidity providers to deposit tokens into pools, earning fees from traders who swap between assets. Unlike traditional portfolio management models, Balancer allows users to earn fees from traders who engage in arbitrage, rebalancing the portfolio in the process.

 

The protocol features custom-built Automated Market Makers (AMMs) that offer efficient trading and capital use. Balancer’s liquidity pools support multiple tokens, allowing seamless swaps between ERC-20 assets while minimizing gas costs. Its Smart Order Router helps traders access the best available prices by routing trades through the most efficient paths, ensuring minimal slippage and high capital efficiency.

 

Balancer has become a key component of decentralized finance (DeFi) infrastructure. By empowering developers with custom AMM capabilities, it supports permissionless trading and liquidity provision. As of June 3rd, 2020, Balancer had 153 liquidity pools, with over $10.2 million in total liquidity, showcasing its growing role in the DeFi ecosystem.

 

While the protocol had multiple audits, it was unfortunately vulnerable to this sophisticated attack.

 

Description by Tommy B:

 

"My initial analysis suggests the root cause was an invariant manipulation that distorted the BPT price calculation, allowing the attacker to profit from a specific stable pool through a single batch swap.

 

Take an attack TX on Arbitrum as an example, the batchSwap operation can be broken down into three phases:

 

1. The attacker swaps BPT for underlying assets to precisely adjust the balance of one token (cbETH) to the edge of a rounding boundary (amount = 9). This sets up the conditions for precision loss in the next step.

 

2. The attacker then swaps between another underlying (wstETH) and cbETH using a crafted amount (= 8). Due to rounding down when scaling token amounts, the computed Δx becomes slightly smaller (8.918 to 8), leading to an underestimated Δy and thus a smaller invariant (D from Curve’s StableSwap model). Since BPT price = D / totalSupply, the BPT price becomes artificially deflated.

 

3. The attacker reverse-swaps the underlying assets back into BPT, restoring balance while profiting from the deflated BPT price."
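The rounding effect in phase 2 can be reproduced in a small model. This is an added example, not code from Tommy B, Balancer or this page: a two-token StableSwap pool in floating point, where the amplification `A`, the 1.11475 rate, the balances and all function names are constructed assumptions and only the paid-out token carries a rate. It measures the invariant D before and after a swap priced with floored versus exact scaling, and wraps that in a non-decreasing-invariant property that a test suite or fuzzer can assert.

```python
from math import sqrt

A = 200                               # amplification coefficient (constructed)
RATE_NUM, RATE_DEN = 111475, 100000   # constructed rate: 8 raw units -> 8.918 scaled

def scale_down(raw):
    """Apply the rate with integer floor: the rounding the analysis describes."""
    return raw * RATE_NUM // RATE_DEN

def scale_exact(raw):
    """Apply the rate without truncation (reference behaviour)."""
    return raw * RATE_NUM / RATE_DEN

def invariant(x, y):
    """Solve 4A(x+y) + D = 4AD + D^3/(4xy) for D by bisection on [0, x+y]."""
    lo, hi = 0.0, float(x + y)
    for _ in range(200):
        d = (lo + hi) / 2
        if d**3 / (4 * x * y) + (4 * A - 1) * d - 4 * A * (x + y) > 0:
            hi = d
        else:
            lo = d
    return lo

def x_for(d, y):
    """Balance x that keeps invariant d at balance y (positive quadratic root)."""
    b = 4 * A * (y - d) + d
    return (-b + sqrt(b * b + 4 * A * d**3 / y)) / (8 * A)

def invariant_drift(raw_x, raw_y, raw_out, scale):
    """Relative change in D after paying out raw_out of token y, priced via scale()."""
    x, y = float(raw_x), scale_exact(raw_y)
    d0 = invariant(x, y)
    new_x = x_for(d0, y - scale(raw_out))                # pool charges new_x - x
    d1 = invariant(new_x, scale_exact(raw_y - raw_out))  # D on the real balances
    return (d1 - d0) / d0

def swap_preserves_invariant(raw_x, raw_y, raw_out, scale, tol=1e-9):
    """Property to assert in tests: a swap must never shrink D."""
    return invariant_drift(raw_x, raw_y, raw_out, scale) >= -tol

if __name__ == "__main__":
    dust = (20, 9, 8)                                    # constructed dust balances
    full = (20 * 10**18, 9 * 10**18, 8 * 10**18 + 1)     # same pool at 18 decimals
    for label, args in (("dust", dust), ("18-decimal", full)):
        print(label, invariant_drift(*args, scale_down),
              invariant_drift(*args, scale_exact))
```

With the constructed dust balances the floored swap lowers D by roughly 3%, while the same swap at 18-decimal balances stays inside the tolerance, which is why the check has to be exercised at very small balances as well as normal ones.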

 

According to StakeWise, the total losses were 6,851 osETH and 13,495 osGNO. These had a value estimated at $25,822,059 USD + $1,700,000 USD = $27,522,059 USD.

 

Tommy B shared a report which stated that losses exceeded $120M across multiple chains.

 

The Balancer team responded promptly to the exploit, which affected V2 Composable Stable Pools at 7:48 AM UTC. They assured the community that they were working with top security researchers to investigate the issue and would release a full post-mortem once the situation was understood. Many of the affected pools were outside the pause window; those that could be paused were paused and placed in recovery mode.

 

The team emphasized that the exploit was isolated to the V2 Composable Stable Pools and did not impact Balancer V3 or other pools, with all other systems remaining unaffected. They reassured users of the protocol’s commitment to operational security, citing past audits by top firms and ongoing bug bounty programs as part of their proactive security measures. The team is collaborating with security and legal teams to ensure user safety and is conducting a thorough investigation.

 

The Balancer team also warned users about fraudulent communications claiming to be from their security team and advised against interacting with unsolicited messages or links. They clarified that official updates would only come through their verified channels on X (Twitter) and Discord, and promised to provide a comprehensive update as the investigation progresses.

 

Balancer has thus far published only initial details about the exploit situation.

 

StakeWise was able to recover the vast majority of the exploited funds through their DAO multi-sig.

 

The StakeWise team posted about a partial recovery of roughly $20.7m worth of funds, including "~5,041 osETH (~$19M) and 13,495 osGNO (~$1.7M) tokens", which represents "73.5%" of the "~6,851 osETH stolen".

 

Balancer is still working on the release of an official post-mortem and investigation about this exploit.

Balancer’s V2 Composable Stable Pools were exploited due to an invariant manipulation that distorted the BPT price calculation, allowing the attacker to profit through a batch swap. This manipulation involved precise token swaps that deflated the BPT price, enabling the attacker to reverse-swap and pocket the difference. The exploit resulted in losses exceeding $120 million across multiple chains, with StakeWise recovering around 73.5% of the stolen funds. The Balancer team responded swiftly, pausing affected pools, conducting an investigation with security researchers, and assuring users that V3 and other pools were unaffected. They also warned users about fraudulent communications and promised further updates as the investigation continues.

Sources And Further Reading

Balancer - "Today, around 7:48 AM UTC, an exploit affected Balancer V2 Composable Stable Pools. Our team is working with leading security researchers to understand the issue and will share additional findings and a full post-mortem as soon as possible. Because these pools have been live onchain for several years, many were outside the pause window. Any pools that could be paused have been paused and are now in recovery mode." - Twitter/X (Nov 3)
realtommybibi - "This was a highly sophisticated exploit. My initial analysis suggests the root cause was an invariant manipulation that distorted the BPT price calculation, allowing the attacker to profit from a specific stable pool through a single batch swap." - Twitter/X (Nov 3)
stakewise_io - "Just half an hour earlier, StakeWise DAO emergency multisig has executed a series of transactions, recovering ~5,041 osETH (~$19M) and 13,495 osGNO (~$1.7M) tokens from the Balancer exploiter. On Ethereum mainnet, this represents 73.5% of the ~6,851 osETH stolen earlier today, and is as much as we could recover due to the attacker promptly converting the missing portion of the stolen assets into ETH. Stolen osGNO were recovered in full." - Twitter/X (Nov 3)
Balancer - "We're aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating with high priority. We'll share verified updates and next steps as soon as we have more information." - Twitter/X (Nov 3)
Attack Transaction - BlockSec (Nov 3)
Balancer AMM DeFi Protocol (Jan 9)
Welcome - Balancer (Jan 9)
