Uncovering the $116 million Balancer attack: pinpointing the "rounding function" vulnerability, a fresh warning for DeFi security

The decentralized protocol Balancer has confirmed that a recent incident, which resulted in the theft of over $116 million in assets, was fundamentally caused by a logical error involving rounding in the protocol’s internal “upscale” function. The attack affected multiple networks including Ethereum, Arbitrum, Base, and Polygon, leading to significant losses of assets such as WETH, osETH, and wstETH.

Although the impacted StakeWise protocol has successfully recovered approximately $19 million worth of osETH, security teams have immediately paused affected liquidity pools and are tracking all suspicious transactions. This highlights the urgency for cross-chain DeFi governance layers to respond swiftly to security threats.

In-Depth Analysis of the Technical Root of Balancer’s Loss

$116M stolen: From EVM Logic Flaws to Multi-Chain Arbitrage

The attack on Balancer on November 3, 2025, is a textbook case of a smart contract precision flaw leading to catastrophic loss. According to the initial report from the project team, the core vulnerability lies in the rounding logic within the “upscale” function used during token swaps.

In DeFi token pools, precise arithmetic is critical. The attacker exploited how the code handles non-integer scaling factors, carefully constructing transactions to systematically manipulate pool balances. This allowed them to drain liquidity across multiple networks. The stealthiness of this attack stems from the attacker’s ability to covertly transfer assets within the protocol’s vaults before the large-scale value transfer was exposed.
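The paragraph above describes the failure mode in general terms: a pool converts raw token amounts into 18-decimal internal units with a scaling factor that is not an integer (a rate-bearing token such as an LST is the typical case), and the direction in which that conversion rounds decides whether fractional wei accrue to the pool or leak to the caller. The following is an added example, not Balancer’s code and not based on its actual implementation: it models that generic pattern in Python with a constructed rate factor of 1.0523, places a naive round-to-nearest “upscale” beside a hardened variant that chooses the rounding direction per call site, and runs the audit a reviewer would want, comparing every result against the exact rational value so that the reference itself hides no rounding.

```python
"""Rounding-direction audit for a pool's token scaling helpers.

Constructed example (not Balancer's code). It models the generic pattern the
article describes: an "upscale" step converting raw token amounts into
18-decimal pool units via a possibly non-integer scaling factor. The property
under test is the one a reviewer wants: every rounding must favour the pool.
"""
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed point, the usual EVM DeFi convention


def mul_down(a: int, b: int) -> int:
    """a * b / ONE, rounded down."""
    return (a * b) // ONE


def mul_up(a: int, b: int) -> int:
    """a * b / ONE, rounded up."""
    p = a * b
    return 0 if p == 0 else (p - 1) // ONE + 1


def div_down(a: int, b: int) -> int:
    """a * ONE / b, rounded down."""
    return (a * ONE) // b


def div_up(a: int, b: int) -> int:
    """a * ONE / b, rounded up."""
    return 0 if a == 0 else (a * ONE - 1) // b + 1


# Hypothetical rate-bearing 18-decimal token whose scaling factor is the
# non-integer rate 1.0523 expressed in fixed point (constructed value).
RATE_FACTOR = 1_052_300_000_000_000_000


# --- Vulnerable pattern: one rounding rule for every call site ------------
def upscale_naive(amount: int, factor: int) -> int:
    """Round-to-nearest: credits a depositor more than paid whenever the
    discarded fraction is >= 0.5."""
    return (amount * factor + ONE // 2) // ONE


def downscale_naive(scaled: int, factor: int) -> int:
    """Round-to-nearest: pays a withdrawer more than owed for the same reason."""
    return (scaled * ONE + factor // 2) // factor


# --- Hardened pattern: rounding direction chosen per call site ------------
def upscale_deposit(amount: int, factor: int) -> int:
    """Pool credits a deposit: round DOWN so the pool never over-credits."""
    return mul_down(amount, factor)


def downscale_withdrawal(scaled: int, factor: int) -> int:
    """Pool pays out: round DOWN so the pool never over-pays."""
    return div_down(scaled, factor)


def downscale_charge(scaled: int, factor: int) -> int:
    """Pool charges the user (fees, quoted amount-in): round UP."""
    return div_up(scaled, factor)


def audit(upscale, downscale, factor: int, amounts) -> dict:
    """Count inputs where a rounding step hands value to the caller.

    The exact value is computed with Fraction so the reference has no rounding.
    """
    over_credit = over_pay = 0
    for a in amounts:
        exact_up = Fraction(a * factor, ONE)       # exact scaled deposit
        if upscale(a, factor) > exact_up:
            over_credit += 1
        exact_down = Fraction(a * ONE, factor)     # exact raw payout
        if downscale(a, factor) > exact_down:
            over_pay += 1
    return {"over_credit": over_credit, "over_pay": over_pay}


if __name__ == "__main__":
    sample = range(1, 10_001)  # constructed input amounts, in wei
    print("naive   :", audit(upscale_naive, downscale_naive, RATE_FACTOR, sample))
    print("hardened:", audit(upscale_deposit, downscale_withdrawal, RATE_FACTOR, sample))
```

The audit reports how many of the sample amounts the naive helpers over-credit or over-pay; the hardened pair reports zero for both because every call site rounds against the caller. The same harness can be pointed at a project’s real scaling helpers, which is the cheap precursor to the formal verification the lessons section below recommends.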

The total stolen assets amount to approximately $116.6 million, with the heaviest losses including 6,587 WETH, 6,851 osETH, and 4,260 wstETH. This indicates that the attacker targeted complex staked tokens with yield-enhancement features, highlighting the compounded risks when integrating liquid staking token (LST) protocols with DEXs.

Collaborative Defense: How the Ecosystem Responds to Fund Losses

Notably, following the security incident, the DeFi ecosystem demonstrated rapid risk mitigation:

  • StakeWise, one of the most affected protocols, quickly acted to recover nearly $19 million in osETH, representing about 73.5% of the total loss, showcasing strong internal controls and swift response capabilities.
  • Balancer and its security partners immediately activated multi-layer defenses:
    • Pausing all affected pools.
    • Blocking the creation of new pools to prevent further exploitation.
    • Suspending rewards on risky pools to freeze incentive-driven malicious activities.
  • Broader efforts included protocols like Sonic Labs executing emergency freezes, and validators on networks like Berachain temporarily halting network operations to prevent fund transfers. This cross-protocol, cross-network “semi-shutdown” cooperation exemplifies mature security responses in DeFi and collective risk management.

Recovery Roadmap and Industry Lessons

Asset Tracking and Final Report: Transparency as a Trust Builder

Balancer’s team is working closely with security experts to audit the incident and verify asset losses. The project commits to releasing a final report after validating all affected contracts and transactions, clarifying total losses and recovery status.

For DeFi developers and builders, this incident serves as a wake-up call:

  1. Function Precision Review: Rounding functions and multiplication handling are classic blind spots in EVM deployments. Formal verification should be employed to rigorously review all mathematical logic involving asset adjustments.
  2. Risk Isolation: While deep protocol integrations improve capital efficiency, they also expand the impact scope of a single vulnerability across multiple chains.

Until all assets are fully reconciled, users are advised to avoid interacting with the affected contracts and to stay tuned to official channels for updates, to guard against phishing or scams.

Conclusion

The massive loss caused by a “rounding error” in Balancer underscores the high precision demands in DeFi code. While the $116 million loss is painful, the swift response—asset freezing, partial recovery—demonstrates growing resilience in DeFi infrastructure. Moving forward, the community should focus on how Balancer can improve audits and upgrade its core AMM logic to ensure robustness, which is essential for maintaining its market leadership.
