A recent attack on Balancer’s V2 ComposableStablePools highlighted severe vulnerabilities in decentralized finance security. The exploit occurred on November 3, 2025, when an attacker drained approximately $128.64 million within a mere 30-minute window through sophisticated manipulations of token prices and smart contract functions. By executing a series of 65 micro-swaps, the attacker capitalized on rounding errors generated by the _upscaleArray function during balance calculations, which resulted in considerable precision loss.
Researchers from Check Point noted that the attack did not hinge on a novel vulnerability type but rather leveraged existing rounding inaccuracies that could be magnified through multiple operations. The exploit’s methodology involved pushing token balances to critical rounding thresholds, engaging in small swaps to induce further precision loss, and subsequently purchasing Balancer Pool Tokens (BPT) at suppressed prices for profit. This event serves as a critical reminder of the need for stringent security measures in DeFi protocols to address mathematical vulnerabilities that can lead to extensive financial losses.
👉 Pročitaj original: Cyber Security News
