The hack was one of the “most sophisticated” attacks so far in 2025, according to Deddy Lavid, CEO of blockchain security company Cyvers.
The team behind decentralized finance (DeFi) protocol Balancer published a preliminary post-mortem report on Wednesday, detailing the cause of the exploit that siphoned $116 million across DeFi markets.
Balancer was hit by a sophisticated code exploit on Monday that targeted Balancer v2 Stable Pools and Composable Stable v5 pools, while all other pool types remained unaffected, according to the report.
The hacker used a combination of BatchSwaps, which allow the user to bundle multiple actions in a single transaction, including flashloans — short-term loans borrowed and repaid within the same transaction — and an exploit of the upscale rounding function that affects EXACT_OUT swaps in the Stable Pools.
Read more