    Old Bug May Have Cost Balancer DeFi Protocol Over $100M

    November 4, 2025

    Key Takeaways:

    • Balancer DeFi protocol suffered an exploit on Nov. 3, with estimated losses between $100 million and $120 million.
    • The attack targeted V2 Composable Stable Pools, while V3 remained unaffected. Early analysis links the vulnerability to a similar bug first identified in 2023.
    • Researchers found that parts of the exploit code contained AI-generated traces, suggesting possible use of large language models.
    • Analysts traced the root cause to rounding and batch swap calculation errors in the Balancer Vault.

    The week started badly for the Balancer DeFi protocol, with yet another exploit shaking one of DeFi’s oldest projects. Early estimates put the losses between $100 million and $120 million, making it one of the biggest hacks of the year. What makes it worse is the familiarity of it all.

    The vulnerability behind this attack traces back to a bug first spotted in 2023, now resurfacing in a more complex form. We looked into what happened, why it matters, and what this says about the current state of DeFi security.


    Audits Didn’t Save Balancer DeFi Protocol

    Balancer is a decentralized finance protocol that operates as an automated market maker (AMM), providing liquidity across multiple pools. It has been active in DeFi for several years. Many in the crypto community pointed out that Balancer had passed several security audits, something usually seen as a mark of reliability.

    balancer went through 10+ audits. the vault was audited 3 separate times by different firms

    still got hacked for $110M

    this space needs to accept that 'audited by X' means almost nothing. code is hard, defi is harder

    it is unfortunate but hope the team recovers pic.twitter.com/nZzVzCdqDO

    — Suhail Kakar (@SuhailKakar) November 3, 2025

    However, that raised even more questions when the protocol was exploited again this November. How could Balancer DeFi protocol, with so many audits behind it, still fall victim to a hack? One user on X (formerly Twitter) noted that the vault affected this time had been audited only once.

    Source: X

    Old Bugs, New Faces

    The exploit appears to have targeted the same V2 Composable Stable Pools that were previously involved in a vulnerability back in August 2023. At that time, the project also faced a serious technical issue, but the team managed the situation effectively. Developers praised how quickly Balancer DeFi protocol reacted and openly communicated with the community.

    In August 2023, Balancer’s cooperation with a white-hat hacker known as GothicShanon89238 through Immunefi played a crucial role. The hacker discovered a flaw and responsibly disclosed it, receiving a $130,000 bounty. The vulnerability was found in linear pools (ERC4626).

    NOTE:

    The majority of funds on Balancer are safe.

    Only 1.4% of the total TVL is at risk, and only boosted pools are affected.

    Several pools are paused to mitigate risks and will remain so, with users advised to withdraw liquidity as soon as possible. https://t.co/xcT1OfALs2

    — Balancer (@Balancer) August 22, 2023

    During token swaps of very small wrapped-asset volumes, a rounding error caused the pool to withdraw an equivalent amount of base tokens at a 1:1 ratio, even though the wrapped token had a higher value. Under specific conditions, this allowed users to gradually extract value from the pool, threatening a large portion of its liquidity.

    Source: Immunefi’s Medium page

    Immunefi later praised the protocol in a Medium post, noting that “Balancer also did an amazing job identifying the best mitigation plan, even with limited admin access to affected pools.”

    In October 2023, Balancer DeFi protocol released a detailed report explaining the incident and the steps the team took to mitigate the issue. Ironically, that transparency earned Balancer recognition across DeFi circles and strengthened its reputation for openness.

    History Repeats Itself in 2025

    On Nov. 3, 2025, Balancer DeFi Protocol returned to the spotlight after another exploit. The official team has not yet published a post-mortem, but early reports indicate that the incident once again involved V2 Composable Stable Pools, while V3 pools appear unaffected.

    The researcher Adi conducted an initial investigation and suggested that the attacker used a specially designed contract that, during pool initialization, managed to manipulate internal calls within the Balancer Vault. The vulnerability in authorization handling and callback logic allowed the attacker to bypass protections and perform unauthorized swaps, draining several interconnected pools.

    Here's everything you need to know about the Balancer Hack:

    1. The attack targeted Balancer's V2 vaults and liquidity pools, exploiting a vulnerability in smart contract interactions. Preliminary analysis from on-chain investigators points to a maliciously deployed contract that… pic.twitter.com/udAM4hB0OD

    — Adi (@AdiFlips) November 3, 2025

    At first glance, the mechanism of the attack resembles the 2023 issue with ERC4626 rounding. However, the 2025 exploit appears to go deeper. It was not a calculation flaw but an architectural one. While the 2023 bug was a singular error, this time the exploit exposed potential weaknesses in the very structure of Balancer V2 under certain conditions.

    Later, researchers discovered that the attacker’s contract still contained console.log statements, debug traces that are usually removed before deployment. Such logs are often found in code generated by AI tools such as ChatGPT or other large language models, which led to speculation that the exploit might have been at least partially written with AI assistance.

    Balancer hacker just left console logs on-chain.

    might sound small, but it’s actually wild

    real hackers never leave console.log in production code.

    When you see something like that, it usually means one thing: the exploit was AI-generated or copy-pasted.

    LLMs always sprinkle… pic.twitter.com/nBG3VZobBZ

    — RayRay (@rayray_1_) November 4, 2025

    If this version is confirmed, it could become one of the first recorded cases of an AI-assisted hack in the DeFi sector.

    Lessons for DeFi

    Security analysts from GoPlus Security believe that the root cause of the new exploit lies in the same kind of rounding issue previously found in Balancer Vault. Their analysis suggests that the vulnerability involved rounding-down precision losses within swap calculations. Each swap slightly mispriced the pool’s internal ratios, and when combined into a batchSwap, the losses compounded.

    This allowed the attacker to manipulate pool prices and withdraw funds at a profit. The 2025 Balancer DeFi protocol attack can therefore be seen as an evolved version of the 2023 rounding bug — more complex, more damaging, and highlighting once again how mathematical precision can make or break a DeFi protocol.

    The batchSwap function amplified the issue, just as it did in the previous vulnerability.
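
The rounding-direction problem described above (the 2023 small-swap case priced at 1:1, and the per-swap losses compounding across a batch) can be reproduced in a toy fixed-point model. This is an added example, not Balancer's code or the researchers' analysis; the function names, the 1.05 rate and the step sizes are assumptions chosen for illustration.

```python
"""Toy fixed-point model: rounding direction vs. pool value across a batch.
Added illustration; not Balancer's code. All names and numbers are assumptions."""

ONE = 10**18  # 18-decimal fixed point, the usual Solidity convention


def quote_amount_in(amount_out: int, rate: int, round_up: bool) -> int:
    """Base-token wei the pool charges for `amount_out` wei of a wrapped token
    worth `rate`/ONE base tokens each."""
    product = amount_out * rate
    if round_up:
        return -(-product // ONE)   # ceiling: the remainder goes to the pool
    return product // ONE           # floor: the remainder goes to the caller


def batch_drift(steps, rate, round_up):
    """Exact change in pool value (base wei scaled by ONE) after every step of
    a batch has been priced. Negative means the pool was under-paid."""
    drift = 0
    for amount_out in steps:
        amount_in = quote_amount_in(amount_out, rate, round_up)
        drift += amount_in * ONE - amount_out * rate
    return drift


def invariant_holds(steps, rate, round_up):
    """Property a test suite should assert: no batch leaves the pool poorer."""
    return batch_drift(steps, rate, round_up) >= 0


RATE = 105 * ONE // 100          # constructed: 1 wrapped = 1.05 base
DUST_BATCH = [1] * 1000          # constructed: 1000 one-wei steps
SINGLE = [1000]                  # the same total volume in one step

if __name__ == "__main__":
    for label, steps in (("single", SINGLE), ("dust batch", DUST_BATCH)):
        for round_up in (False, True):
            print(label, "round_up" if round_up else "round_down",
                  batch_drift(steps, RATE, round_up) / ONE,
                  "ok" if invariant_holds(steps, RATE, round_up) else "VIOLATED")
```

With floor rounding the single 1000-wei step is priced exactly, while the same volume split into one-wei steps is charged at 1:1 and the pool ends 50 base wei short; rounding the amount owed to the pool upward keeps the drift non-negative for any step sizes.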

    This incident demonstrates that even long-standing DeFi protocols with multiple audits are not immune to fundamental design flaws. Balancer DeFi protocol became another reminder of how technical debt in decentralized systems can accumulate quietly and reappear years later in new forms.

    The post Old Bug May Have Cost Balancer DeFi Protocol Over $100M appeared first on Cryptonews.
