- Balancer will return $8 million to affected liquidity providers after the V2 exploit.
- Whitehat hackers and internal teams recovered part of the $28 million that was retrieved.
- Compensations will be distributed pro rata in the same tokens via a 180-day claims process.
The decentralized finance protocol Balancer has unveiled a plan to reimburse liquidity providers (LPs) after a major exploit that drained more than $128 million from its V2 pools.
The reimbursement proposal follows an extensive recovery effort led by whitehat hackers and Balancer’s internal teams, aiming to restore funds and rebuild trust within the platform’s user community.
The plan has been submitted to Balancer DAO for community feedback and will require formal approval through an on-chain vote before any distributions begin.
Balancer exploit
The Balancer exploit, which occurred in early November, targeted a rounding function vulnerability in the Composable Stable Pools (CSPv5) implementation. Attackers combined this weakness with grouped swaps, allowing them to manipulate token price calculations and drain multiple pools across Ethereum, Polygon, Base and Arbitrum.
Despite 11 prior security audits conducted by four different blockchain security firms, the vulnerability remained unnoticed. The incident sent shockwaves through the DeFi sector: Balancer’s total value locked fell from roughly $775 million to $258 million, and its native BAL token declined by around 30%.
Parts of the protocol were immediately paused after the attack to prevent further losses, while whitehat operators and internal recovery teams began coordinating efforts to recover funds.
Here’s everything you need to know about the Balancer Hack:
1. The attack targeted Balancer’s V2 vaults and liquidity pools, exploiting a vulnerability in smart contract interactions. Preliminary analysis from on-chain investigators points to a maliciously deployed contract that… pic.twitter.com/udAM4hB0OD
— Adi (@AdiFlips) November 3, 2025
Recovery and whitehat contributions
Approximately $28 million of the stolen funds were recovered in total. Whitehat hackers played a significant role, recovering around $3.9 million, while Balancer’s internal teams—coordinating with security firm Certora—recovered an additional $4.1 million from vulnerable metastable pools that had not yet been exploited.
Among whitehat contributors, an anonymous actor known as “Anon #1” recovered $2.68 million on Polygon, including tokens such as WPOL, MaticX, TruMATIC and stMatic, as detailed in the proposed reimbursement plan.
Some rescuers on Arbitrum chose to remain anonymous and waived claims to rewards, underscoring the voluntary and community-driven nature of the recovery effort.
The remaining $19.7 million in osETH and osGNO tokens was recovered through StakeWise, a liquid staking protocol for Ethereum, and will be returned to users via StakeWise’s own governance and distribution mechanisms.
$8 million reimbursement plan
Balancer’s reimbursement framework focuses on the $8 million recovered directly by whitehats and internal teams. The approach is non-socialized, meaning funds will be returned only to liquidity providers of the specific affected pools rather than spread across the broader ecosystem.
Compensation will be allocated pro rata based on each user’s Balancer Pool token holdings at the snapshot block recorded prior to the exploit. Payouts will be made in-kind, so users receive the exact tokens that were taken, avoiding mismatches or unintentional losses due to price volatility.
Whitehat contributors are eligible for a 10% bounty on the amounts they recovered, capped at $1 million per operation. To receive their bounty, whitehat participants must complete identity verification, KYC and sanctions screening under Balancer’s SEAL safe-harbor agreement.
Notably, internal recovery operations—including the involvement of Certora—are excluded from bounty eligibility due to existing service agreements.
If the distribution plan is approved, affected liquidity providers will have a 180-day window to submit claims. During this period, claimants must digitally accept updated Balancer terms of use, which include an agreement to release Balancer Labs, Balancer DAO, the Balancer Foundation and related parties from legal liability connected to the exploit.
Funds that remain unclaimed after the 180-day claims period will be considered inactive and may only be redeployed or redistributed through a governance vote.