Key Highlights
- Balancer plans to repay $8M in recovered assets to affected liquidity providers after the November 3 V2 exploit.
- White-hat actors who helped recover funds will receive 10% bounties in the same tokens returned.
- Repayments will be pro-rata, in-kind, and non-socialized, with unclaimed funds subject to future governance vote.
Balancer, a decentralized finance (DeFi) protocol, has unveiled a detailed proposal to return roughly $8 million in recovered assets to liquidity providers (LPs) affected by its disastrous V2 exploit earlier this month.
This marks the protocol’s first concrete move toward reimbursing losses after one of the largest DeFi breaches of 2025.
What happened: A massive exploit
On November 3, Balancer’s V2 “Composable Stable Pools” suffered a flash exploit that drained approximately $128 million across multiple blockchains, including Ethereum, Arbitrum, Base, Polygon, and others.
The attacker exploited a rounding-error vulnerability in the pool invariant calculations, enabling a manipulated batch-swap which emptied funds within minutes.
The stolen assets included wrapped and staked Ether variants such as WETH, osETH, and wstETH, among other tokens. Recovery efforts and partial rescue began almost immediately with security teams, the protocol itself, and external contributors mobilizing for this.
Under the framework of the SEAL Safe Harbor Agreement, white-hat hackers and internal rescue teams began recovery operations within hours of the exploit. A major contribution came from StakeWise, which recovered around 5,041 osETH ($19 million) and 13,495 osGNO ($1.7 million) shortly after the incident.
That represented roughly 73.5% of the osETH drained in the attack. StakeWise announced it will reimburse its own users on a pro-rata basis.
Other white-hat recoveries, across chains like Ethereum, Polygon, Base, and Arbitrum, recouped additional funds, and internal teams working with auditors also secured assets tied to several pools.
How the repayment plan works
Under the new proposal, white-hat actors who rescued assets would receive bounties equal to 10% of what they helped secure, paid in the same tokens they returned.
The remaining recovered funds, about $8 million, will be distributed directly back to LPs. Balancer plans to use a snapshot of each pool’s holdings just before the first exploit transaction on each network.
Repayments will be “in kind,” meaning users will receive the same tokens that were rescued. Distribution will be non-socialized, so recovered funds from a particular pool go only to LPs of that pool.
Users must claim their funds through a dedicated interface and accept Balancer’s updated terms. Any assets unclaimed after the window closes would be subject to a later governance vote.
Meanwhile, the roughly $19.7 million in osETH/osGNO recovered by StakeWise — along with additional internally recovered funds (e.g. via audit partners), will be handled separately.
Why this matters, and what’s next
The exploit and ensuing recovery underlines three major faults, a subtle rounding bug in smart-contract math, overconfidence in repeated audits, and the systemic risk inherent in composable, cross-chain DeFi pools.
The proposal now enters a community review phase. If approved in the upcoming governance vote, affected LPs could begin receiving reimbursements soon. Otherwise, the fate of the recovered funds remains uncertain.
In the wider DeFi context, this incident may push other protocols, and their auditors, to scrutinize rounding and precision logic more carefully. For users, it underlines a key lesson, audits don’t eliminate risk, and diversification (or avoiding deeply composable pools) may be prudent.
Also Read: Balancer Attacker Begins Swapping Stolen Funds for ETH
