One of Ethereum’s leading decentralized finance (DeFi) protocols suffered a major cyberattack, resulting in cryptocurrency losses estimated at over $120 million.
Balancer is an automated market maker (AMM) and portfolio manager, allowing users to trade cryptocurrencies and earn money by providing liquidity to “Balancer pools”.
However, yesterday morning UK time, the company suffered an attack targeting its Balancer V2 composable stable pools.
“Our team is working with leading security researchers to understand the issue and will share additional results and a full post-mortem analysis as soon as possible,” it said in a post on X (formerly Twitter).
“Since these pools have been online for several years, many were outside the pause window. Any pools that could be paused have been paused and are now in recovery mode.”
Balancer was keen to point out that the attack did not affect any of its other pools, such as V3.
Security experts claimed the sophisticated raid exploited a “loss of rounding precision” in the Balancer Vault calculations.
“Each calculation is rounded, affecting token prices. The batchSwap function amplified this vulnerability, allowing attackers to manipulate prices via specially crafted parameters,” GoPlus Security explained.
“This attack highlights the critical importance of fine-grained management in DeFi protocols. Even small rounding errors can be exploited through batch operations.”
Phishing messages are circulating
Balancer has warned customers not to fall for an opportunistic phishing campaign trying to take advantage of the news.
“Fraudulent messages claiming to come from the Balancer security team are circulating,” it wrote.
“These are not from us. Do not interact with unsolicited communications or click on unfamiliar links.”
It appears that the fraudster is offering hackers a 20% “white hat bonus” if they “return” the stolen funds to a third-party address. If they don’t cooperate, the fraudster claims to have enough forensic data on the blockchain to identify them.
This is unlikely to work, given that most heists of this scale are carried out by North Korean actors. Threat actors stole $2.2 billion from cryptocurrency platforms in 2024, with most (61%) of the funds stolen by Pyongyang-aligned hackers, according to Chainalysis.
Worryingly, Balancer confirmed that it has “been heavily audited by major companies” and operates bug bounty programs to entice researchers to find vulnerabilities in its platform. If true, it suggests that even nominally secure crypto companies have little defense against sophisticated attacks like this.


