- Balancer will return $8 million to affected liquidity providers following the V2 exploit.
- Whitehat and internal teams recovered part of the stolen $28 million.
- Reimbursements will be distributed pro rata in the same tokens via a 180-day claims process.
Decentralized finance protocol Balancer has announced a plan to reimburse liquidity providers (LPs) after a major exploit that drained more than $128 million from its V2 pools. The proposal, shared publicly for community review, outlines how recovered funds will be returned and sets the terms for claiming those funds.
The reimbursement proposal follows an extensive recovery effort led by whitehat hackers and internal teams. Those efforts recovered a portion of the stolen assets and aim to restore user funds and confidence in the platform. The plan has been submitted to the Balancer DAO for feedback and will require a formal governance vote before any distributions occur.
The Balancer exploit
The exploit, which took place in early November, targeted a rounding error in Balancer’s Composable Stable Pools (CSPv5). Attackers combined this vulnerability with batched swaps to manipulate price calculations and drain multiple pools across Ethereum, Polygon, Base, and Arbitrum.
Despite undergoing 11 prior security audits by four different blockchain security firms, this specific vulnerability went undetected. The breach had an immediate impact on the protocol: total value locked dropped from about $775 million to $258 million, and Balancer’s native BAL token fell roughly 30% in value. Several parts of the protocol were paused following the attack to limit further losses while recovery operations got underway.
Here’s everything you need to know about the Balancer Hack:
1. The attack targeted Balancer’s V2 vaults and liquidity pools, exploiting a vulnerability in smart contract interactions. Preliminary analysis from on-chain investigators points to a maliciously deployed contract that… pic.twitter.com/udAM4hB0OD
— Adi (@AdiFlips) November 3, 2025
Recovery efforts and whitehat contributions
In total, about $28 million of the stolen funds was recovered. Whitehat hackers were responsible for approximately $3.9 million of that recovery, while Balancer’s internal teams, working alongside security firm Certora, retrieved another $4.1 million from metastable pools that had not yet been exploited.
An anonymous whitehat referred to as “Anon #1” recovered about $2.68 million on Polygon, including tokens such as WPOL, MaticX, TruMATIC, and stMatic, according to the reimbursement proposal. Several rescuers on Arbitrum chose to remain anonymous and waived bounty claims, underscoring the community-driven nature of the response.
Separately, $19.7 million in osETH and osGNO tokens was recovered through StakeWise, an Ethereum liquid staking protocol. Those assets will be returned to users via StakeWise’s governance processes rather than Balancer’s reimbursement mechanism.
The $8 million reimbursement plan
Balancer’s distribution plan covers the roughly $8 million recovered directly by whitehats and internal teams. The proposal uses a targeted, non-socialized approach: only liquidity providers who held LP tokens in the specific affected pools at a snapshot block taken before the exploit will be eligible for reimbursement.
Payments will be made pro rata according to each user’s Balancer Pool Token (BPT) holdings at that snapshot and will be issued in-kind—meaning users will receive the same tokens that were stolen, avoiding conversions that could introduce price risk.
Whitehat contributors will be eligible for a 10% bounty of the recovered funds they return, capped at $1 million per operation. To collect a bounty, whitehat participants must complete identity verification, KYC, and sanctions screening under Balancer’s SEAL Safe Harbour Agreement. Internal recovery efforts and third-party contractors such as Certora are excluded from these bounties because of pre-existing service agreements.
If the DAO approves the plan, affected LPs will have 180 days to claim their reimbursements. Claimants must digitally accept Balancer’s updated terms of use, which include a release of Balancer Labs, the DAO, the Foundation, and affiliated parties from legal liability related to the exploit. Any funds not claimed within the 180-day window will be considered dormant and may only be reallocated through a subsequent governance vote.