On November 3, 2025, the decentralized automated market maker (AMM) protocol Balancer v2 was attacked. Blockchain security firm SlowMist noted that several projects, including Balancer forks, had been impacted across various blockchains, resulting in “total losses of approximately $120 million.” According to SlowMist, the incident added further strain to a sluggish DeFi ecosystem.
In a blog post, the SlowMist Security Team has shared a detailed analysis of the attack.
In the implementation of Balancer v2’s Composable Stable Pool (Stable Math based on Curve’s StableSwap), there existed “a precision loss issue in the integer fixed-point arithmetic used to compute the scalingFactors.”
As explained in the blog post from SlowMist, this led to relatively “small but compounding price discrepancies/errors during token swaps.”
The attacker exploited this flaw by executing “a series of small swaps under low-liquidity conditions, amplifying the accumulated deviation into significant cumulative profits.”
SlowMist pointed out that it is essential to understand several key concepts about Balancer, which will help “clarify the technical details discussed in the following sections.”
The Composable Stable Pool is designed “for token swaps between assets that are expected to maintain near-parity or a predictable exchange rate — such as USDC/USDT pairs (approximately 1:1) or WETH/stETH pairs with a known conversion ratio.”
BPT (Balancer Pool Token) represents a share of a Balancer pool. When users add liquidity to the pool, they receive BPT that “represent their proportional ownership of the pool’s liquidity.”
The liquidity pool allows swaps between LP tokens and “underlying liquidity assets to improve capital efficiency.” For instance, it enables “swaps between BPT tokens and liquidity tokens such as WETH or stETH.”
Balancer’s underlying pools are designed with “a mechanism to manage decimal precision and rounding direction.” Before any funds enter the pool for computation, scaling factors “are applied to ensure numerical precision and a rounding direction that favors the pool.”
The batch swap function enables users to “perform multiple token swaps within a single transaction, either across the same pool or multiple pools.”
The pools maintain internal accounting via “virtual balances and settle the final amounts after the batch swap is completed.”
On November 6, Balancer released an update, stating that while the attack had a wide impact, the fast response from multiple parties “significantly reduced losses in a short period of time.”
In summary:
“The core of this attack lies in the attacker exploiting a precision loss flaw in the integer fixed-point operations of scaling factors within Balancer v2’s Composable Stable Pool implementation. By carefully executing small swaps that magnified the resulting discrepancies, the attacker was able to generate massive profits via cumulative effects in batch swaps. The SlowMist security team recommends that project teams and auditors, when facing similar scenarios, should enhance test coverage for extreme cases and boundary conditions, with particular attention to precision handling strategies under low-liquidity conditions.”
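The boundary-condition testing SlowMist recommends can start with a check like the one below, an added example that is not code from Balancer or SlowMist. It assumes an 18-decimal fixed-point unit and a constructed scaling factor of 1.05, and the function names are hypothetical; it measures how much value a round-down scaling step drops relative to the exact result at wei-level versus normal amounts.

```python
ONE = 10**18  # assumed 18-decimal fixed-point unit (1.0)


def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply, rounding toward zero."""
    return a * b // ONE


def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply, rounding away from zero."""
    product = a * b
    return 0 if product == 0 else (product - 1) // ONE + 1


def rounding_loss_bps(amount: int, scaling_factor: int) -> int:
    """Value dropped by mul_down, in basis points of the exact scaled value."""
    exact_times_one = amount * scaling_factor  # exact result, scaled by ONE
    if exact_times_one == 0:
        return 0
    kept_times_one = mul_down(amount, scaling_factor) * ONE
    return (exact_times_one - kept_times_one) * 10_000 // exact_times_one


def flag_lossy_amounts(scaling_factor: int, amounts: list[int], max_bps: int = 1) -> list[int]:
    """Return the amounts whose round-down loss exceeds max_bps."""
    return [a for a in amounts if rounding_loss_bps(a, scaling_factor) > max_bps]


# Constructed inputs: a 1.05 scaling factor and amounts from 1 wei up to
# about one whole 18-decimal token.
SCALING_FACTOR = 105 * 10**16
SAMPLE_AMOUNTS = [1, 9, 19, 20, 39, 10**6 + 19, 10**18 + 19]

if __name__ == "__main__":
    for amount in SAMPLE_AMOUNTS:
        down = mul_down(amount, SCALING_FACTOR)
        up = mul_up(amount, SCALING_FACTOR)
        loss = rounding_loss_bps(amount, SCALING_FACTOR)
        print(f"amount={amount:>20} down={down:>20} up={up:>20} loss={loss} bps")
    print("flagged:", flag_lossy_amounts(SCALING_FACTOR, SAMPLE_AMOUNTS))
```

The absolute error never exceeds one unit, but at single- and double-digit wei amounts that one unit is several percent of the value, which is why low-liquidity boundaries need their own test cases.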