Technical Analysis: How was Balancer Hacked for $120 Million, and Where was the Vulnerability? On [date], Balancer, a popular decentralized exchange (DEX), was hacked for $120 million in a sophisticated attack. The vulnerability exploited in this atta...

By: blockbeats|2026/03/28 22:05:43

LINK

ETH

ARB

Original Article Title: "Balancer $120M Hack Vulnerability Technical Analysis"
Original Source: ExVul Security

Foreword

On November 3, 2025, the Balancer protocol was attacked on multiple chains including Arbitrum and Ethereum, resulting in a $120 million asset loss. The attack was primarily due to a dual vulnerability involving precision loss and Invariant manipulation.

Chainlink's infrastructure has long maintained the highest standards in the Web3 space, making it a natural choice for X Layer, which is dedicated to providing institutional-grade tools for developers.

The key issue in this attack lies in the protocol's logic for handling small transactions. When users conduct exchanges with small amounts, the protocol invokes the _upscaleArray function, which uses mulDown for rounding down values. When the balance in the transaction and the input amount both hit a specific rounding boundary (e.g., the 8-9 wei range), a noticeable relative precision error occurs.

This precision error is propagated to the calculation of the protocol's Invariant value D, causing an abnormal reduction in the D value. The fluctuation of the D value directly lowers the price of the Balancer Pool Token (BPT) in the Balancer protocol. The hacker exploited this suppressed BPT price through a premeditated trading path to conduct arbitrage, ultimately leading to a massive asset loss.

Exploited Transaction:

https://etherscan.io/tx/0x6ed07db1a9fe5c0794d44cd36081d6a6df103fab868cdd75d581e3bd23bc9742

Asset Transfer Transaction:

https://etherscan.io/tx/0xd155207261712c35fa3d472ed1e51bfcd816e616dd4f517fa5959836f5b48569

Technical Analysis

Attack Vector

The entry point of the attack was the Balancer: Vault contract, with the corresponding entry function being the batchSwap function, which internally calls onSwap for token exchanges.

Technical Analysis: How was Balancer Hacked for src=

From the perspective of function parameters and restrictions, several pieces of information can be obtained:

1. The attacker needs to call this function through the Vault and cannot call it directly.

2. The function will internally call _scalingFactors() to get the scaling factor for scaling operations.

3. The scaling operation is concentrated in either _swapGivenIn or _swapGivenOut.

-- Price

Attack Pattern Analysis

BPT Price Calculation Mechanism

In Balancer's stable pool model, the BPT Price is a crucial reference point that determines how much BPT a user receives and how much each BPT receives in assets.

In the pool's exchange calculation:

Where the part acting as the BPT Price anchor is an immutable value D, which means controlling the BPT Price requires controlling D. Let's analyze the calculation process of D further:

In the above code, the calculation process of D depends on the scaled balances array. This means that an operation is needed to change the precision of these balances, leading to an incorrect D calculation.

Root Cause of Precision Loss

Scaling Operation:

As shown above, when passing through _upscaleArray, if the balance is very small (e.g., 8-9 wei), the rounding down in mulDown will result in significant precision loss.

Attack Process Detailed

Phase 1: Adjustment to Rounding Boundary

Phase 2: Trigger Precision Loss (Core Vulnerability)

Phase 3: Exploiting Depressed BPT Price for Profit

Above, the attacker uses Batch Swap to perform multiple exchanges in one transaction:

1. First Exchange: BPT → cbETH (balance adjustment)

2. Second Exchange: wstETH (8) → cbETH (trigger precision loss)

3. Third Exchange: Underlying Asset → BPT (profit-taking)

All these exchanges occur in the same batch swap transaction, sharing the same balance state, but each exchange calls _upscaleArray to modify the balances array.

Lack of Callback Mechanism

The main process is initiated by the Vault. How does this lead to accumulating precision loss? The answer lies in the passing mechanism of the balances array.

Looking at the above code, although Vault creates a new currentBalances array each time onSwap is called, in Batch Swap:

1. After the first swap, the balance is updated (but due to precision loss, the updated value may be inaccurate)

2. The second swap continues the calculation based on the result of the first swap

3. Precision loss accumulates, eventually causing the invariant value D to significantly decrease

Key Issue:

Summary

The Balancer attack can be summarized for the following reasons:

1. Scaling Function Uses Round Down: _upscaleArray uses mulDown for scaling, which results in significant relative precision loss when the balance is very small (e.g., 8-9 wei).

2. Invariant Value Calculation Is Sensitivity to Precision: The calculation of the invariant value D relies on the scaled balances array, and precision loss directly affects the calculation of D, causing D to decrease.

3. Lack of Invariant Value Change Validation: During the swap process, there was no validation to ensure that the change in the invariant value D was within a reasonable range, allowing attackers to repeatedly exploit precision loss to suppress the BPT price.

4. Accumulation of Precision Loss in Batch Swaps: Within the same batch swap, the precision loss from multiple swaps accumulates and eventually leads to significant financial losses.

These two issues—precision loss and lack of validation—combined with the attacker's careful design of boundary conditions, resulted in this loss.

This article is a contribution and does not represent the views of BlockBeats.

Solana did not fall behind during the bear market. Trading enthusiasm has waned, but the network is more stable, RWA and stablecoins are expanding, and the capital foundation is much thicker than in the previous cycle. The real question is: when the speculative tide recedes, can perpetuals, predicti...

Young people in South Korea make a "final effort" in the epic bull market

The South Koreans' average of two accounts for wildly gambling in the chip bull market reflects the survival anxiety and harsh reality of countless young people trying to break through class barriers behind the nationwide stock trading frenzy for wealth.

Dialogue with OmenX Founder: Why does the prediction market need an evolution from "spot" to "derivatives"?

How to reconstruct the prediction market using leverage?

When the P2P illicit funds from ten years ago turned into 60,000 bitcoins

The largest Bitcoin money laundering case in the UK has new developments: 16,000 Chinese victims are pursuing 61,000 seized Bitcoins across borders, and the dispute over the applicability of UK and Chinese laws will directly determine whether the victims can share in the soaring profits.

Morning News | CME Group launches Nasdaq Cryptocurrency Index futures; Asset management giant Janus Henderson strategically invests in Ethena

Overview of Important Market Events on June 10

Why did Oracle deliver the strongest financial report in history, yet its stock price fell?

Oracle's revenue for fiscal year 2026 set a record, with AI cloud orders soaring to $638 billion, but massive capital expenditures on computing power led to negative free cash flow, causing a 5% drop in after-hours stock prices.

Bitcoin Layer 2 Network Botanix: Why Did We Choose to Dissolve?

The Bitcoin L2 star project Botanix announced a gradual shutdown, with the team admitting to facing severe challenges from the failure of its business model and the prevailing trends. Users are urged to withdraw all assets before July 9, 2026.

Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing

Overview of Important Market Events on June 9th

Galaxy Deep Research Report: How Hyperliquid's HIP-4 Upgrade Changes the Landscape of Prediction Markets?

The platform that wins this competition will be the one whose execution layer is the hardest to replicate, whose builder ecosystem delivers the fastest, and whose regulatory path is the most open.

Latest research from 13 top universities including Cornell University: The current state, challenges, and misconceptions of the fusion of Crypto and AI

The combination of AI and crypto is still in its early stages, with both serving as complementary "middleware": AI translates human intentions into executable programs, while cryptographic technology provides verifiable and tamper-proof guarantees for computational processes and results. In the dire...

Deconstructing Anthropic: The Best AI Company, Possibly Also a Type of Organizational Invention

Instead of competing with ambition, focusing on restraint, how does Anthropic leverage extreme strategic focus and an "counterintuitive" geek culture to counterattack OpenAI on the AI battlefield?

Every exchange is a "Universal Exchange."

You initially build infrastructure for something, then realize it can also be used for many other things, and then you continuously expand the business to accommodate everything that the infrastructure can support.

The counterattack of traditional finance: Alliance chains are quietly reviving

Whether public chains win or consortium chains win has never been the focus.

Pantera Capital Partner: How Tokenization is Restructuring the Private Equity and Early Investment Ecosystem?

Top tech companies are going public later and later, leaving retail investors shut out during the high growth period. Can tokenization give ordinary people back this entry ticket?

Mastercard Launches Agent Pay for AI, Plans to Record AI Agent Payment Authorizations on Polygon

Mastercard launched Agent Pay for AI, a new payment protocol designed to help AI agents make small payments such as pay-per-use access to data and APIs. The system plans to record human-granted AI agent permissions on Polygon, focusing on verifiable authorization, identity, and payment controls.