Balancer V2 osETH Exploit Across Ethereum, BSC, Avalanche, Polygon, and Arbitrum: Attack Contained with Partial osETH Recovery

Balancer issued an official preliminary incident report. The cross-chain notification confirms that Balancer’s Composable Stable Pool on Balancer V2 was targeted on November 4, with updates on November 6 across Ethereum, BSC, Avalanche, Polygon, Arbitrum, and other chains.

Investigators attribute the breach to a rounding error in the EXACT_OUT logic during batchSwap, enabling manipulation of pool balances and withdrawals. The impact is confined to the Composable Stable Pool; Balancer V3 and other pools were not affected.

Balancer’s response included an automatic pause via Hypernative, asset freezing, and white-hat interventions under the SEAL framework. StakeWise has recovered about 73.5% of the stolen osETH, with BitFinding and Base MEV bot aiding other recoveries.

The firm is collaborating with SEAL and zeroShadow to pursue cross-chain tracking and fund recovery. A comprehensive technical retrospective will disclose final loss figures, while users are urged to rely on official Balancer channels for confirmed guidance.