Balancer Incident Preliminary Report

The preliminary report on the vulnerability attack incident released by Balancer indicates that the Balancer V2 composable stable pools were attacked on November 4 across multiple chains (including Ethereum, Base, Avalanche, Polygon, Arbitrum, etc.).

The vulnerability stemmed from a rounding logic error in the EXACT_OUT transactions during batch swaps, which the attacker exploited to manipulate the pool's balance and extract assets. This incident only affected the Balancer V2 composable stable pools, while Balancer V3 and other pool types were not impacted.

The Balancer team, along with security partners and white hat teams, acted swiftly to contain the attack's spread and recover some assets through measures such as automatic suspension by Hypernative, asset freezing, and white hat intervention under the SEAL framework. Among them, StakeWise has recovered approximately 73.5% of the stolen osETH, and teams like BitFinding and Base MEV bot have also assisted in recovering some funds.

Currently, Balancer is working with security partners such as SEAL and zeroShadow on cross-chain tracking and fund recovery. The final verified losses and recovery data will be published in a complete technical review report. The official reminder to users: obtain confirmation information only through Balancer's official channels; operations on V3 and non-stable pools remain safe.