
$120 Million Crypto Hack Blamed on Office Space-Style Exploit

Earlier this week, a critical vulnerability in the decentralized finance (DeFi) protocol Balancer was exploited, with crypto losses estimated to be worth $120 million or more. While it was initially unclear how the exploit worked, a preliminary report from the team behind Balancer has indicated it basically came down to how the protocol handled rounding of crypto token balances.

This exploit of Balancer shocked many in the DeFi ecosystem, as this is a project that has undergone many security audits from respected firms, and the particular version of the protocol that was exploited had existed in the wild since 2021.

In an interview with CNBC's Squawk Box on Wednesday morning, former Director of the Cybersecurity and Infrastructure Security Agency Chris Krebs compared the Balancer exploit to the scheme from Office Space, where the idea was to skim fractions of a penny off the top of many individual transactions. Krebs also pointed to the possible use of artificial intelligence in crafting the exploit code as another interesting aspect of the situation.

Without getting too deep into the technical weeds, here's basically what happened with the exploit, according to Balancer's own analysis.

At the heart of this mess was a rounding error in Balancer's code related to how it handles trades, specifically batched swaps where multiple trades between different crypto assets can be bundled into a single transaction. This is meant to help users save on gas, which is effectively the crypto-denominated cost of interacting with a blockchain-based smart contract platform like Balancer.

During a particular version of this kind of swap, known as EXACT_OUT, Balancer's code has to scale numbers up or down to make calculations precise (think of it like converting pennies to dollars). But the system sometimes rounded down in a way that created tiny imbalances.

Over repeated trades, hackers could exploit these tiny gaps to mess with the pool's balances, hence Krebs's comparison to the plan in Office Space. There was some additional manipulation on top of that, but this rounding error was the key flaw that opened up the opportunity for the hacker.
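To make the rounding point concrete, here is an added toy model written for this article; it is not Balancer's code, and Balancer's real invariant and scaling logic differ. It assumes a simple constant-product pool, 18-decimal internal fixed-point math, a 6-decimal input token (so a scale factor of 10^12), and constructed reserve sizes. It shows how an EXACT_OUT quote that is truncated when scaled back down to the token's native decimals undercharges by a fraction of a raw unit on every trade, how rounding the amount owed up in the pool's favour closes that gap, and the invariant check a reviewer would expect around the scale-down step.

```python
"""Rounding direction in fixed-point swap math (illustration added for this
article, not Balancer's code).  All decimals and reserve sizes are constructed
placeholder values."""
from fractions import Fraction

INTERNAL_DECIMALS = 18   # assumption: pool math runs in 18-decimal fixed point
DECIMALS_IN = 6          # constructed: the token paid in has 6 decimals
DECIMALS_OUT = 18        # constructed: the token received has 18 decimals
FACTOR_IN = 10 ** (INTERNAL_DECIMALS - DECIMALS_IN)   # scale factor, input token


def ceil_div(a: int, b: int) -> int:
    """Integer division rounded toward +infinity (a >= 0, b > 0)."""
    return -(-a // b)


def quote_exact_out_internal(reserve_in: int, reserve_out: int, amount_out: int) -> int:
    """Constant-product (x*y=k) EXACT_OUT quote in internal units, rounded up:
    amount_in = reserve_in * amount_out / (reserve_out - amount_out)."""
    if amount_out >= reserve_out:
        raise ValueError("amount_out exceeds pool reserve")
    return ceil_div(reserve_in * amount_out, reserve_out - amount_out)


def scale_down(amount_internal: int, factor: int, round_up: bool) -> int:
    """Convert an internal amount back to raw token units.
    round_up=False truncates (favours the caller); round_up=True rounds in the
    pool's favour, the safe direction for an amount the caller must pay."""
    return ceil_div(amount_internal, factor) if round_up else amount_internal // factor


def rounding_invariant_holds(amount_internal: int, raw_paid: int, factor: int) -> bool:
    """The raw amount collected, re-scaled, must cover the internal quote.
    False means this trade undercharged the pool."""
    return raw_paid * factor >= amount_internal


def run_swaps(n_trades: int, amount_out: int, round_up: bool):
    """Run n_trades EXACT_OUT swaps of `amount_out` and return
    (total raw units paid in, exact amount owed in raw units as a Fraction,
     number of trades where the rounding invariant failed)."""
    reserve_in_raw = 1_000_000 * 10 ** DECIMALS_IN   # constructed: 1,000,000 of the 6-dec token
    reserve_out = 1_000 * 10 ** DECIMALS_OUT        # constructed: 1,000 of the 18-dec token
    paid_raw = 0
    owed = Fraction(0)
    failures = 0
    for _ in range(n_trades):
        reserve_in = reserve_in_raw * FACTOR_IN      # scaling up is exact
        quote = quote_exact_out_internal(reserve_in, reserve_out, amount_out)
        # exact, unrounded cost of this trade in raw units of the input token
        owed += Fraction(reserve_in * amount_out, reserve_out - amount_out) / FACTOR_IN
        raw_in = scale_down(quote, FACTOR_IN, round_up)
        if not rounding_invariant_holds(quote, raw_in, FACTOR_IN):
            failures += 1
        paid_raw += raw_in
        reserve_in_raw += raw_in
        reserve_out -= amount_out
    return paid_raw, owed, failures


def pool_shortfall(n_trades: int, amount_out: int, round_up: bool) -> Fraction:
    """Positive result: the pool collected less than the trades were worth."""
    paid_raw, owed, _ = run_swaps(n_trades, amount_out, round_up)
    return owed - paid_raw


if __name__ == "__main__":
    out = 9 * 10 ** 8   # constructed: a request whose fair price is under one raw unit
    for mode in (False, True):
        paid, owed, fails = run_swaps(1000, out, round_up=mode)
        print(f"round_up={mode}: paid {paid} raw units, owed {float(owed):.3f}, "
              f"invariant failures {fails}")
```

With truncation, 1,000 requests each priced at about 0.9 raw units collect nothing at all and every trade fails the invariant; with round-up, each trade collects one raw unit and the pool ends slightly ahead. The general rule this illustrates: amounts a caller pays are rounded up, amounts a caller receives are rounded down, and a check like `rounding_invariant_holds` belongs next to every scale-down.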

While the Balancer exploit sent shockwaves throughout the DeFi ecosystem, some blockchains were able to limit the reward for the hacker by simply freezing assets, which is clearly at odds with the "code is law" philosophy that was originally at the heart of crypto platforms focused on more expressive smart contracts, such as Ethereum.

Some DeFi proponents were worried that a hack of a widely trusted protocol like Balancer would weaken the level of trust in the DeFi sector more generally; however, it's clear that much of this activity is still somewhat centrally controlled and able to operate in ways similar to traditional fintech platforms.

According to Unchained, the Polygon and Sonic blockchains effectively froze or "censored" some of the Balancer hacker's assets following the exploit to prevent the funds from moving anywhere else in the future. Berachain went as far as to deploy an emergency hard fork that will allow those affected by the hack to reclaim their funds.

This is reminiscent of actions taken by Ethereum developers following the infamous hack of The DAO nearly ten years ago in the early days of the crypto network. And it's clear that crypto is still grappling with the tradeoffs between giving everyone full control over their own digital money and therefore having no one to turn to when something goes wrong.

Some have noted that it makes sense to implement these sorts of training-wheels-esque protections on less developed crypto networks, but others see this as yet another example of how much of the supposed decentralization in the space is more theater than technical reality, as was also exposed during the recent Amazon Web Services downtime.
