Balancer has uncovered the technical root cause behind the recent hack that shook its platform.
Summary
- Balancer identified a rounding bug in its “upscale” function as the cause of the exploit that drained assets across multiple networks.
- Over $116 million was stolen, with losses spanning Ethereum, Arbitrum, Base, and Polygon, though StakeWise recovered $19 million of osETH for affected users.
- Recovery efforts are ongoing, as the protocol and partners freeze vulnerable pools, trace stolen funds, and prepare a final report on asset reconciliation.
DeFi protocol Balancer has identified an internal bug in the rounding logic of the “upscale” function as the root cause of the November 3 exploit that drained over $116 million from its platform. According to a recently published preliminary report, the function, which is used during token swaps, was exploited by attackers across multiple networks, leading to swift losses of WETH, osETH, and wstETH that were pulled in several transactions.
Attackers took advantage of how the code handled non-integer scaling factors to manipulate pool balances and drain value. Balancer revealed the breach allowed hackers to move funds quietly within vaults before final withdrawal.
In total, $116.6 million was stolen by the time the dust settled, with losses spanning several assets and networks, including Ethereum, Arbitrum, Base, and Polygon. Among the stolen tokens, the largest amounts included 6,587 WETH, 6,851 osETH, and 4,260 wstETH, as earlier reported and confirmed in the incident report.
StakeWise, one of the affected protocols, managed to recover nearly $19 million worth of osETH, corresponding to about 73.5% of the total drained for that asset. These funds will be returned to impacted users according to their balances before the hack, though the attacker has also converted some assets into ETH, making them irretrievable.
Balancer takes recovery actions
Balancer and its security partners are still auditing the incident and reconciling the lost funds, with mitigation and recovery efforts ongoing. Following the exploit, security teams paused all affected pools, disabled the creation of new pools, and halted rewards for any pools identified as vulnerable, according to the project’s official incident report.
Several teams in the broader DeFi space also took steps to limit losses and contain attacker movements. Protocols like Sonic Labs executed an emergency freeze on accounts linked to the hack, while Berachain validators briefly halted their network to prevent funds from moving. Other partners, like Monerium and Gnosis, introduced controls to freeze or block assets as part of a coordinated stoppage.
Whitehat teams and supporting bots intercepted transactions to claw back assets, with some managing to return hundreds of thousands of dollars. The efforts came from both automated systems and manual tracing, building a layered approach to asset recovery.
Balancer noted that once all affected pools and transactions are verified, a final report will be published with confirmed totals and the status of recoveries. Until then, users are advised to avoid impacted contracts and follow updates via official channels, as further reviews and reconciliations are ongoing.
Source: https://crypto.news/balancer-identifies-root-cause-of-116m-hack/
