Security firm: Attackers' manipulation of the invariant in the BPT price calculation may be the main cause of the Balancer asset theft
2025-11-03 14:32

According to Odaily Planet Daily, BlockSec Phalcon, the on-chain tracing platform under security firm BlockSec, stated on the X platform that "Balancer and several of its forks were attacked several hours ago, resulting in losses exceeding $120 million across multiple chains. This was an extremely sophisticated attack."

Preliminary analysis indicates that the root cause is the attacker's manipulation of the invariant used to calculate the BPT price. This distorted the BPT price and let the attacker profit from a specific stablecoin pool through a single batch of transactions.

Taking the attack transaction on Arbitrum as an example, the batch swap operation can be broken down into three stages:

1. The attacker redeemed BPT for the underlying asset to precisely adjust the balance of a single token (cbETH) to near the rounding boundary (amount = 9). This set the stage for the subsequent loss of precision.

2. The attacker then used a pre-constructed quantity (= 8) to swap between another underlying token (wstETH) and cbETH. Because token quantity scaling rounds down, the calculated Δx decreases slightly (from 0.918 to 8), causing Δy to be underestimated, thus making the invariant (D) in Curve's StableSwap model smaller. Since BPT price = D / total supply, the BPT price is artificially suppressed.

3. The attacker then swapped in the reverse direction, converting the underlying asset back to BPT, which restored the balance and let them profit from the drop in BPT price.
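
The precision loss described in stages 1 and 2 can be reproduced as plain arithmetic. The sketch below is an added example, not code from BlockSec or Balancer: it shows why truncating a rate-scaled balance is negligible at normal sizes but material at single-digit balances, how that lowers D and therefore the BPT price, and one possible guard. The pool state, the amplification value, the 1.1 rate and `require_precise_scaling` are all constructed assumptions.

```python
from fractions import Fraction

ONE = 10**18   # 18-decimal fixed point (assumed for this sketch)
K = 10**6      # extra digits used only to model the untruncated value

def upscale_down(amount, rate):
    """Scale a raw token amount by a rate, truncating the result."""
    return amount * rate // ONE

def rounding_loss(amount, rate):
    """Fraction of the exact scaled value discarded by truncation."""
    exact = Fraction(amount * rate, ONE)
    return (exact - upscale_down(amount, rate)) / exact if exact else Fraction(0)

def stable_invariant(amp, balances):
    """StableSwap invariant D by Newton iteration (integer arithmetic)."""
    n, s = len(balances), sum(balances)
    if min(balances) <= 0:
        raise ValueError("balances must be positive")
    d, ann = s, amp * n
    for _ in range(255):
        d_p = d
        for x in balances:
            d_p = d_p * d // (x * n)
        prev = d
        d = (ann * s + d_p * n) * d // ((ann - 1) * d + (n + 1) * d_p)
        if abs(d - prev) <= 1:
            return d
    raise ArithmeticError("invariant did not converge")

def bpt_price(amp, raw, rates, supply, truncate):
    """BPT price = D / total supply, with or without truncating scaling."""
    if truncate:
        scaled = [upscale_down(a, r) * K for a, r in zip(raw, rates)]
    else:
        scaled = [a * r * K // ONE for a, r in zip(raw, rates)]
    return Fraction(stable_invariant(amp, scaled), supply * K)

def require_precise_scaling(raw, rates, max_loss=Fraction(1, 10**6)):
    """Hypothetical guard: reject pool states where truncation is material."""
    for a, r in zip(raw, rates):
        loss = rounding_loss(a, r)
        if loss > max_loss:
            raise ValueError(f"scaling {a} base units loses {float(loss):.2%}")

# Constructed pool states in base units; token 0 carries a 1.1 rate.
RATES = [11 * ONE // 10, ONE]
TINY, NORMAL = [9, 20], [9 * ONE + 7, 20 * ONE]
```

With the constructed `TINY` state, truncation discards 1/11 of the rate-scaled balance and the resulting BPT price is about 3% below the untruncated figure, while the `NORMAL` state is unaffected to well beyond 15 decimal places.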