Balancer, a leading decentralized finance (DeFi) protocol, has confirmed that its V2 composable stable pools were exploited due to a rounding logic bug. The issue impacted pools deployed across multiple blockchains, raising fresh concerns about smart contract reliability in DeFi platforms.
The vulnerability allowed attackers to manipulate pool logic, likely by exploiting how the system handled rounding in token balances. This caused imbalances in the pool’s calculations, which were then leveraged to siphon funds.
Recovered Funds and Ongoing Investigation
Despite the exploit, Balancer managed to recover a portion of the affected funds. Specifically, the team retrieved 5,041 osETH and 13,495 osGNO tokens. However, the total scale of the attack remains under investigation, with final loss figures yet to be released.
The team is currently conducting a full post-mortem to identify the exact mechanics of the bug and how it propagated across chains. In the meantime, users are advised to exercise caution when interacting with Balancer pools, particularly the composable stable variants.
ALERT: Balancer says V2 scomposable stable pools were hit across multiple chains due to a rounding logic bug.
— Cointelegraph (@Cointelegraph) November 5, 2025
5,041 osETH and 13,495 osGNO recovered, final loss figures pending. pic.twitter.com/HZbw9NNCKh
Developer and Community Response
Balancer’s developer team acted swiftly to contain the situation and is working closely with the community to minimize damage. Bug bounties and white-hat outreach efforts are likely to follow as part of the mitigation process.
This incident underscores the ongoing challenges DeFi protocols face in ensuring secure, cross-chain operations. As DeFi continues to grow, the importance of robust code auditing and real-time monitoring has never been clearer.