Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The week started badly for the Balancer DeFi protocol: another exploit has shaken one of DeFi's oldest projects. First estimates put the losses between $100 million and $120 million, which would make it one of the biggest hacks of the year. What's worse is how familiar it all looks.
The vulnerability behind this attack traces back to a bug first discovered in 2023, now reborn in a more complex form. We look at what happened, why it matters, and what it says about the current state of DeFi security.
Balancer is one of the longest-running projects in decentralized finance, an automated market maker (AMM) whose pools let liquidity providers deposit assets and let traders swap against them. Many in the crypto community pointed out that the Balancer DeFi protocol had passed several security audits, something usually taken as a mark of reliability.
That made the November exploit all the more puzzling. How could a protocol with so many audits behind it still fall victim to a hack? A user on X (formerly Twitter) noted that the affected vault this time had only been verified once.

The exploit appears to have targeted the same V2 Composable Stable Pools that were implicated in a vulnerability in August 2023. The project faced a serious technical problem then too, but the team handled it effectively: developers praised how quickly Balancer reacted and how openly it communicated with the community.
In August 2023, Balancer's cooperation with a white hat hacker known as GothicShanon89238, coordinated through Immunefi, played a crucial role. The hacker discovered the flaw, disclosed it responsibly, and received a $130,000 bounty. The vulnerability was found in the linear pools that hold ERC4626 wrapped tokens.
In swaps of very small amounts of the wrapped asset, a rounding error made the pool pay out base tokens at a 1:1 ratio even when the wrapped token was worth more. Under specific conditions this let a user extract value from the pool one swap at a time, putting a large part of its liquidity at risk.

Immunefi later praised the protocol in a Medium post, noting that “Balancer also did an amazing job identifying the best mitigation plan, even with limited admin access to the affected pools.”
In October 2023, the Balancer DeFi protocol released a detailed report explaining the incident and the steps the team took to mitigate the problem. Ironically, that transparency has earned Balancer recognition in DeFi circles and strengthened its reputation for openness.

On November 3, 2025, the Balancer DeFi protocol was exploited again. The team has yet to release a post-mortem, but early reports indicate that the incident again involved V2 Composable Stable Pools, while V3 pools appear to be unaffected.
The researcher Adi carried out an initial investigation and suggested that the attack used a purpose-built contract which, during pool initialization, manipulated internal calls inside the Balancer Vault. Weaknesses in authorization handling and callback logic let the attacker bypass the Vault's protections, execute unauthorized swaps, and drain several interconnected pools.
At first glance the attack mechanism resembles the 2023 ERC4626 rounding problem, but on this reading the 2025 exploit goes deeper: not a calculation defect but an architectural one. Where the 2023 bug was a single isolated error, this time the exploit exposed weaknesses in the very structure of Balancer V2 under certain conditions.
Researchers later found that the attacker's contract still contained console.log statements, debug traces that are normally removed before deployment. Such leftovers are often seen in code produced with AI tools such as ChatGPT or other large language models, which has led to speculation that the exploit may have been written at least partly with AI assistance.
If this version is confirmed, it could become one of the first recorded cases of an AI-assisted hack in the DeFi sector.
Security analysts at GoPlus Security believe the root cause of the new exploit is the same kind of rounding issue previously found in the Balancer Vault. Their analysis suggests that the vulnerability involved precision loss from rounding in the swap calculations: each swap slightly mispriced the pool's internal accounting, and when many such swaps were combined in a single batchSwap, the losses compounded.

This let the attacker manipulate pool prices and withdraw funds at a profit. The 2025 attack can therefore be seen as an evolved version of the 2023 rounding bug, more complex and more damaging, and it shows once again how mathematical precision can make or break a DeFi protocol.
As in the earlier vulnerability, the batchSwap function amplified the problem.
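The following Python model is an added illustration for this article; it is not Balancer's contract code and not the analysis of any researcher quoted above. It reduces the two rounding stories told here (the 2023 dust swaps against a wrapped-token linear pool, and the 2025 losses that compound across a batchSwap) to the one property they share: which way the pool rounds. The pool class, the 1.5 exchange rate, the pool sizes and the helper names are all assumed for the example. The pool holds a base token and a wrapped token worth `rate` base tokens each, in 18-decimal fixed point as on the EVM. When amounts paid out are rounded up (in the user's favour), a round trip of 1 wei returns 2 wei, and a batch of such trips extracts 1 wei per cycle; when they are rounded down (against the user), the same batch loses money, and a randomized property check confirms the pool's value never decreases.

```python
import random

ONE = 10**18  # 18-decimal fixed point, the convention most EVM AMMs use


def mul_down(a: int, b: int) -> int:
    """a * b / ONE, rounded toward zero."""
    return a * b // ONE


def mul_up(a: int, b: int) -> int:
    """a * b / ONE, rounded up (the wrong direction for an amount paid out)."""
    p = a * b
    return 0 if p == 0 else (p - 1) // ONE + 1


def div_down(a: int, b: int) -> int:
    """a * ONE / b, rounded toward zero."""
    return a * ONE // b


def div_up(a: int, b: int) -> int:
    """a * ONE / b, rounded up."""
    p = a * ONE
    return 0 if p == 0 else (p - 1) // b + 1


class RatePool:
    """Assumed toy pool (not Balancer's code): a base token plus a wrapped
    token worth `rate` base tokens each, rate in 18-decimal fixed point.
    `round_against_user` selects the rounding direction for amounts paid out."""

    def __init__(self, base: int, wrapped: int, rate: int, round_against_user: bool):
        self.base = base
        self.wrapped = wrapped
        self.rate = rate            # e.g. 15 * 10**17 means 1 wrapped = 1.5 base
        self.round_against_user = round_against_user

    def value_scaled(self) -> int:
        # Exact pool value in base units, scaled by ONE so no rounding hides drift.
        return self.base * ONE + self.wrapped * self.rate

    def swap_base_for_wrapped(self, amount_in: int) -> int:
        div = div_down if self.round_against_user else div_up
        out = div(amount_in, self.rate)
        assert out <= self.wrapped, "pool cannot cover this swap"
        self.base += amount_in
        self.wrapped -= out
        return out

    def swap_wrapped_for_base(self, amount_in: int) -> int:
        mul = mul_down if self.round_against_user else mul_up
        out = mul(amount_in, self.rate)
        assert out <= self.base, "pool cannot cover this swap"
        self.wrapped += amount_in
        self.base -= out
        return out


def dust_round_trips(pool: RatePool, cycles: int) -> int:
    """Attacker's batch: `cycles` round trips of 1 wei base -> wrapped -> base.
    Settling only the net at the end is what a batchSwap does; this loop stands
    in for that. Returns the attacker's net base-token profit (negative = loss)."""
    spent = received = 0
    for _ in range(cycles):
        spent += 1
        got_wrapped = pool.swap_base_for_wrapped(1)
        if got_wrapped:
            received += pool.swap_wrapped_for_base(got_wrapped)
    return received - spent


def pool_value_never_decreases(pool: RatePool, swaps: int, seed: int = 0) -> bool:
    """Property a reviewer should demand of any AMM: no sequence of swaps
    lowers the pool's value. Random amounts and directions, fixed seed."""
    rng = random.Random(seed)
    for _ in range(swaps):
        before = pool.value_scaled()
        amount = rng.randint(1, 10**6)
        if rng.random() < 0.5:
            pool.swap_base_for_wrapped(amount)
        else:
            pool.swap_wrapped_for_base(amount)
        if pool.value_scaled() < before:
            return False
    return True


if __name__ == "__main__":
    RATE = 15 * 10**17          # assumed: 1 wrapped token = 1.5 base tokens
    SIZE = 10**24               # assumed pool balances (1,000,000 tokens each)

    leaky = RatePool(SIZE, SIZE, RATE, round_against_user=False)
    print("rounds up,   1000 dust trips, attacker profit:", dust_round_trips(leaky, 1000))
    safe = RatePool(SIZE, SIZE, RATE, round_against_user=True)
    print("rounds down, 1000 dust trips, attacker profit:", dust_round_trips(safe, 1000))
    print("value never decreases (rounds up):  ",
          pool_value_never_decreases(RatePool(SIZE, SIZE, RATE, False), 2000, seed=1))
    print("value never decreases (rounds down):",
          pool_value_never_decreases(RatePool(SIZE, SIZE, RATE, True), 2000, seed=1))
```

A real stable or linear pool prices swaps through an invariant and per-token scaling factors rather than a single rate, so the arithmetic is far more involved than this toy, but the review question is the same at every multiplication and division: does this rounding favour the pool or the caller? The randomized value check is the kind of property test worth running against the actual swap math, since a single misrounded step is invisible in one swap and only shows up once many swaps are batched.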
This incident shows that even long-standing DeFi protocols with multiple audits are not immune to fundamental design flaws. Balancer has become another reminder of how technical debt in decentralized systems can accumulate silently and resurface years later in new forms.