
The Balancer protocol has identified an internal bug in the rounding logic of its "upscale" function, which was the root cause of a recent $116 million exploit.
According to a developer report, the function used for token exchanges was exploited by attackers on several networks. This led to the rapid loss of WETH, osETH, and wstETH, which were involved in several transactions.
Attackers exploited the code's handling of non-integer scaling factors to manipulate pool balances and withdraw funds. The Balancer team discovered that the breach allowed the attackers to move funds within vaults undetected before the final withdrawal. In total, the attackers stole $116.6 million. The damage affected multiple assets and networks, including Ethereum, Arbitrum, Base and Polygon.
It was later revealed that one of the affected protocols, StakeWise, managed to recover nearly $19 million in osETH, representing approximately 73.5% of the total amount withdrawn in this asset. It was reported that these funds would be returned to affected Balancer users based on their pre-hack balances. However, the attacker had already converted some of the assets to ETH, meaning they are irretrievably lost.
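
Why rounding matters when a scaling factor is not a whole number can be shown with plain integer arithmetic. The following is an added illustration, not Balancer's code: it assumes an 18-decimal fixed-point scaling factor, and all function names, the 1.05 rate and the sample amounts are constructed for the example.

```python
# Added illustration: simplified fixed-point "upscale" arithmetic.
# Assumption: scaling factors are 18-decimal fixed-point integers.
# Names and sample values are constructed; this is not Balancer's code.
ONE = 10**18  # fixed-point representation of 1.0


def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply that truncates the remainder."""
    return (a * b) // ONE


def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply that rounds any remainder up."""
    return (a * b + ONE - 1) // ONE


def upscale(raw: int, scaling_factor: int, round_up: bool) -> int:
    """Scale a raw token amount, with an explicit rounding direction."""
    return mul_up(raw, scaling_factor) if round_up else mul_down(raw, scaling_factor)


def rounding_gap_ppm(raw: int, scaling_factor: int) -> int:
    """Gap between the two rounding directions, in parts per million
    of the rounded-up value (0 when the product is exact)."""
    down = upscale(raw, scaling_factor, round_up=False)
    up = upscale(raw, scaling_factor, round_up=True)
    return 0 if up == down else (up - down) * 1_000_000 // up


def exceeds_tolerance(raw: int, scaling_factor: int, max_ppm: int) -> bool:
    """Check a test harness or monitor could apply: flag amounts where
    the choice of rounding direction changes the result by > max_ppm."""
    return rounding_gap_ppm(raw, scaling_factor) > max_ppm


# Constructed sample factors: a whole-number one and a non-integer one.
INTEGER_FACTOR = 10**12 * ONE                   # e.g. 6 -> 18 decimals
NON_INTEGER_FACTOR = 1_050_000_000_000_000_000  # rate of 1.05

if __name__ == "__main__":
    for raw in (9, 9 * 10**18 + 7):
        print(raw,
              upscale(raw, NON_INTEGER_FACTOR, False),
              upscale(raw, NON_INTEGER_FACTOR, True),
              rounding_gap_ppm(raw, NON_INTEGER_FACTOR))
```

With a whole-number factor both directions agree; with the non-integer factor they differ by one unit, which is negligible for a large amount but a large fraction of a very small one.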