Balancer v2 Exploit Drains $117M batchSwap Rounding Error

Balancer v2 exploit drained $117 million from Composable Stable Pools across Ethereum, Arbitrum, Avalanche, Optimism, Polygon, Gnosis, Base, Berachain and Sonic. The attack exploited a rounding error in the EXACT_OUT mode of the batchSwap upscale function, allowing attackers to bypass minimum supply checks. Balancer paused vulnerable v6 pools with Recovery Mode, while v5 pools remained at risk until intervention. In the Balancer v2 exploit, white-hat groups and security teams have recovered over $21 million so far. StakeWise reclaimed 5,041 osETH and 13,495 osGNO. Base MEV and BitFinding secured about $750,000. Monerium froze €1.3 million in EURe. Berachain initiated an emergency hard fork to fully restore its $12.8 million loss. Sonic and other chains froze attacker addresses. Balancer v3 was unaffected. This incident highlights the risks of smart contract rounding errors in DeFi protocols. Traders should avoid affected pools, monitor security updates and audits, and favour protocols with proven real-time monitoring and cross-chain recovery frameworks.