- Balancer will return $8 million to affected liquidity providers following the V2 exploit.
- Whitehat hackers and internal teams recovered part of the $28 million stolen.
- Refunds will be distributed pro rata in the same tokens via a 180‑day claim process.
The decentralized finance protocol Balancer has presented a plan to reimburse liquidity providers affected by the large exploit that drained more than $128 million from its V2 pools.
The refund proposal follows a broad recovery effort led by whitehat hackers and internal teams aimed at restoring funds and rebuilding trust within the platform’s user community.
The plan was posted for feedback to the Balancer DAO and will require formal community voting approval before any distributions begin.
The Balancer exploit
The Balancer exploit, which occurred in early November, targeted a rounding issue in Balancer’s Composable Stable Pools (CSPv5).
Attackers combined this vulnerability with batched swaps, allowing them to manipulate token price calculations and drain multiple pools across Ethereum, Polygon, Base, and Arbitrum.
Despite 11 prior security audits performed by four different blockchain security firms, the vulnerability went unnoticed.
The breach shook the DeFi sector: Balancer’s total value locked plunged from $775 million to $258 million, and the native BAL token fell roughly 30%.
Several protocol components were suspended immediately after the incident to prevent further losses, while whitehat and internal recovery operations began working to retrieve funds.
Here’s everything you need to know about the Balancer Hack:
1. The attack targeted Balancer’s V2 vaults and liquidity pools, exploiting a vulnerability in smart contract interactions. Preliminary analysis from on-chain investigators points to a maliciously deployed contract that…
— Adi (@AdiFlips) November 3, 2025
Recovery efforts and whitehat contributions
About $28 million of the stolen funds were recovered in total.
Whitehat hackers played a significant role, recovering roughly $3.9 million, while Balancer’s internal teams, coordinating with security firm Certora, recovered another $4.1 million from vulnerable metapools that had not yet been exploited.
Among whitehat contributors, an anonymous actor dubbed “Anon #1” recovered $2.68 million on Polygon, including tokens such as WPOL, MaticX, TruMATIC, and stMatic, as detailed in the disclosed reimbursement proposal.
Some rescuers on Arbitrum chose to remain anonymous and waived compensation claims, highlighting the voluntary, community‑driven nature of the recovery efforts.
The remaining $19.7 million in osETH and osGNO tokens were recovered via StakeWise, a liquid staking protocol, and will be returned to users through StakeWise’s governance mechanisms.
The $8 million reimbursement plan
Balancer’s reimbursement plan focuses on the $8 million recovered directly by whitehats and internal teams.
The framework employs a non‑socialized approach: funds will be returned only to liquidity providers in the specific pools that were affected.
Refunds will be allocated pro rata according to each user’s Balancer Pool Token holdings at a snapshot block taken before the exploit.
Payments will be made in kind, allowing users to receive the exact tokens that were stolen instead of cash equivalents, minimizing discrepancies or unintended losses due to price fluctuations.
Whitehat contributors are eligible for a 10% bounty on the funds they recovered, capped at $1 million per operation.
To claim their bounty, whitehat participants must complete identity verification, KYC, and sanctions screening under Balancer’s SEAL Safe Harbour agreement.
Internal recovery operations, including work done with Certora, are excluded from bounty payments because of existing service agreements.
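The allocation rules described above (per-pool, pro rata by snapshot BPT balance, paid in kind, with a capped 10% bounty) can be sketched as follows; this is an added example, not Balancer's code or part of the proposal. The function names, pool ids, holders and amounts are constructed, and the floor rounding, the dust handling and the whole-dollar bounty arithmetic are assumptions the article does not specify.

```python
"""Pro rata, in-kind, non-socialized refund arithmetic (illustrative sketch)."""

BOUNTY_BPS = 1_000            # 10% bounty, in basis points
BOUNTY_CAP_USD = 1_000_000    # cap per recovery operation


def allocate_pool(recovered, snapshot):
    """Split one pool's recovered tokens by BPT held at the snapshot block.

    recovered: {token: amount in smallest units}; snapshot: {holder: BPT}.
    Returns (claims, dust). Floor division means payouts never exceed what
    was recovered; the remainder is reported as dust instead of rounded up.
    """
    total_bpt = sum(snapshot.values())
    if total_bpt <= 0 or any(b < 0 for b in snapshot.values()):
        raise ValueError("snapshot must hold non-negative balances, total > 0")
    claims = {holder: {} for holder in snapshot}
    dust = {}
    for token, amount in recovered.items():
        paid = 0
        for holder, bpt in snapshot.items():
            share = amount * bpt // total_bpt   # multiply first, then floor
            claims[holder][token] = share
            paid += share
        assert paid <= amount                   # solvency invariant
        dust[token] = amount - paid
    return claims, dust


def distribute(pools):
    """Non-socialized: each pool's funds go only to that pool's holders."""
    return {pid: allocate_pool(p["recovered"], p["snapshot"])
            for pid, p in pools.items()}


def whitehat_bounty_usd(recovered_usd):
    """10% of the recovered value, capped per operation (whole dollars)."""
    return min(recovered_usd * BOUNTY_BPS // 10_000, BOUNTY_CAP_USD)


# Constructed sample data: pool ids, holders and amounts are made up.
SAMPLE_POOLS = {
    "pool-A": {"recovered": {"WPOL": 1_000_000_000, "MaticX": 700},
               "snapshot": {"alice": 3, "bob": 3, "carol": 1}},
    "pool-B": {"recovered": {"TruMATIC": 10},
               "snapshot": {"alice": 2, "dave": 1}},
}

if __name__ == "__main__":
    for pid, (claims, dust) in distribute(SAMPLE_POOLS).items():
        print(pid, claims, "dust:", dust)
    print("bounty on $2.68M recovered:", whitehat_bounty_usd(2_680_000))
```

Rounding every share down keeps the sum of claims at or below the recovered balance, so the distribution contract can never be asked to pay out more than it holds.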
If the distribution plan is approved, affected liquidity providers will have a 180‑day window to file claims. During that period they must digitally accept Balancer’s updated terms of use.
Those updated terms require claimants to release Balancer Labs, the DAO, the Foundation, and affiliated parties from legal liability related to the exploit.
Any funds not claimed within 180 days will be deemed dormant and may only be reallocated via a governance vote.