Balancer V2 Exploit Drains $94.8M, $45.7M Recovered
Balancer exploit on November 3, 2025, saw attackers exploit a rounding-error bug in V2 Composable Stable Pools exact-out swaps, draining $94.8M across Ethereum, Arbitrum, Base, Optimism and Polygon. The exploit, magnified by low-liquidity exitSwap flash operations, forced Balancer to pause vulnerable pools within ten minutes, limiting further losses. Swift interventions by Certora, Trail of Bits, SEAL Safe Harbor whitehats and blockchain foundations, together with coordinated recoveries by Bitfinding, Berachain and StakeWise, have reclaimed $45.7M of stolen funds. Balancer V3 pools remained secure due to explicit rounding controls and simplified architecture. Following a 6% BAL token dip, traders are advised to migrate to V3 pools using Balancer’s formal guidance and incentives, while monitoring official channels for updates and scam alerts. This Balancer exploit underscores persistent DeFi security risks and the importance of rigorous audits.
Neutral
The Balancer exploit triggered a swift 6% drop in the BAL token as traders sold off amid security concerns. However, rapid fund recoveries totaling $45.7M, emergency pool pauses and the unaffected V3 architecture helped restore confidence and stabilize prices. In the short term, BAL experienced volatility, but coordinated recovery efforts and migration incentives mitigate long-term risks. As DeFi security measures improve, the incident is unlikely to exert sustained downward pressure, resulting in a neutral market outlook for BAL.