Security Agency: The Balancer attacker conducted an invariant attack on the BPT price calculation or is the main reason for the asset theft

The security agency BlockSec's on-chain tracking platform BlockSec Phalcon posted on platform X, stating, "Balancer and several of its fork projects were attacked a few hours ago, resulting in losses exceeding $120 million across multiple chains. This was an extremely complex attack.

Preliminary analysis indicates that the root cause was the attacker's manipulation of the invariant calculation for BPT prices, distorting the BPT price calculation and allowing the attacker to profit from a single batch transaction from a specific stablecoin pool.

Taking the attack transaction on Arbitrum as an example, the batch swap operation can be broken down into three stages: 1. The attacker exchanges BPT for the underlying asset to precisely adjust the balance of one token (cbETH) to bring it close to the rounding boundary (amount = 9). This creates conditions for precision loss in the next step; 2. The attacker then uses a pre-constructed amount (= 8) to swap between another underlying token (wstETH) and cbETH. Due to rounding down when scaling the token amount, the calculated Δx slightly decreases (8 0.918 to 8), resulting in an underestimated Δy, which causes the invariant (D) in Curve's StableSwap model to also decrease. Since BPT price = D / total supply, the BPT price is artificially suppressed; 3. The attacker then reverses the exchange of the underlying assets back to BPT, restoring balance while profiting from the drop in BPT price.