Balancer, one of the most trusted protocols in the Decentralized Finance (DeFi) market, has proposed a plan to return recovered assets to affected Liquidity Providers (LPs) following a v2 pool exploit. The attack, which occurred on November 3, 2025, drained over $128 million in total funds. Out of these losses, approximately $8 million worth of assets were secured from various networks by whitehat responders and internal recovery teams.
This proposal, submitted to Balancer’s governance forum on November 27, establishes a clear and responsible framework for fund distribution. This action sets a new standard for how DeFi protocols manage catastrophic incidents.
The Nature of the Exploit and Its Technical Flaw
The exploit that struck Balancer v2 was not a simple attack. It exploited a precision-loss flaw in the v2 Invariant, the mathematical model designed to maintain the pool's balance.
The attacker created a profitable arbitrage loop that drained the pools by manipulating token balances. In a matter of minutes, this chain reaction exfiltrated a massive amount of funds from the protocol. This demonstrates that even the underlying mathematical models of the most complex DeFi smart contracts can be subject to unexpected flaws.
Bounty and Protection for Whitehats
The role of the whitehat responders was critical in containing the security threat and recovering the funds. Their immediate intervention prevented deeper losses.
- 10% Incentive: Balancer has proposed granting them a 10% incentive of the assets they recovered. This bounty will be paid in the same tokens they returned.
- Compliance and Privacy: Before this payment, identity verification (KYC) and sanctions checks under Balancer’s Safe Harbor Agreement are mandatory. While the identities of the whitehats will be kept confidential, the demand for regulatory compliance shows that DeFi protocols are now striving to align with international financial standards.
Funds secured by internal recovery teams, in coordination with Certora, are outside the bounty program as they are under a services contract, and will be returned directly to the affected pools.
Pro-Rata Repayment and Fairness for LPs
The method for distributing the recovered $8 million to Liquidity Providers provides a fair and risk-based structure.
- Pro-Rata Basis: Repayments to LPs will be strictly pro-rata to their BPT (Balancer Pool Token) holdings at snapshot blocks taken just before the attack. This ensures that each investor receives a share of the recovered funds in proportion to their loss.
- Non-Socialized Distribution: Balancer’s key decision is to keep the distribution non-socialized. This means that funds recovered from a specific pool will only be returned to the LPs of that pool. This maintains the inherent risks of investing in different pools, preventing the LPs of one pool from subsidizing the losses of another.
- Repayment in Kind: Users will be repaid in the same type of tokens that were recovered. This eliminates the risk of devaluation caused by token swapping.
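The three rules above can be checked mechanically before any claim data is published. The following is an added sketch, not code from Balancer or from the proposal: pool names, LP names and amounts are constructed, and the choice to round each share down and report the leftover base units as dust is an assumption made here, since the proposal text does not say how remainders are handled.

```python
# Added example: integer-only pro-rata allocation, per pool, in kind.
# All identifiers and sample values are constructed for illustration.

def distribute(recovered, snapshots):
    """recovered: {pool: {token: amount}}   amounts in token base units (ints)
    snapshots:  {pool: {lp: bpt_balance}}  BPT held at the snapshot block
    Returns (payouts, dust): payouts[pool][lp][token], dust[pool][token]."""
    payouts, dust = {}, {}
    for pool, tokens in recovered.items():
        holders = snapshots.get(pool, {})
        total_bpt = sum(holders.values())
        if total_bpt <= 0:
            raise ValueError(f"no snapshot BPT supply for pool {pool}")
        payouts[pool] = {lp: {} for lp in holders}
        dust[pool] = {}
        for token, amount in tokens.items():
            paid = 0
            for lp, bpt in holders.items():
                # Multiply before dividing and floor, so rounding can only
                # under-pay by dust and never over-allocate the pool's funds.
                share = amount * bpt // total_bpt
                payouts[pool][lp][token] = share
                paid += share
            dust[pool][token] = amount - paid  # assumption: tracked, not paid
    return payouts, dust

def check_invariants(recovered, snapshots, payouts, dust):
    """True if nothing is over-paid and no pool's funds leak into another."""
    for pool, lps in payouts.items():
        for lp, tokens in lps.items():
            if lp not in snapshots[pool]:
                return False  # paid someone who held no BPT in this pool
            if set(tokens) - set(recovered[pool]):
                return False  # non-socialized: only this pool's own tokens
        for token, amount in recovered[pool].items():
            paid = sum(lps[lp][token] for lp in lps)
            if paid + dust[pool][token] != amount or dust[pool][token] < 0:
                return False  # conservation per pool and per token
    return True

# Constructed sample: two pools, one LP ("alice") present in both.
RECOVERED = {"pool-A": {"WETH": 10**18, "osETH": 7},
             "pool-B": {"USDC": 100_000_000}}
SNAPSHOTS = {"pool-A": {"alice": 3, "bob": 1, "carol": 2},
             "pool-B": {"dave": 1, "alice": 1}}

if __name__ == "__main__":
    p, d = distribute(RECOVERED, SNAPSHOTS)
    print(p, d, check_invariants(RECOVERED, SNAPSHOTS, p, d))
```
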
Collaborative Recovery Effort and Next Steps
The overall recovery effort highlights not only the operational capability of the Balancer protocol but also the collaboration within the wider DeFi ecosystem. The separate action by StakeWise to manage the $19.7 million associated with osETH and osGNO shows the complexity of multi-party responsibilities in token-based recovery efforts.
- Claim Interface: A new claim interface will be developed for affected LPs to retrieve their funds. Users must agree to Balancer’s terms before receiving the funds.
- Resolution via Governance: After the claim window closes, any unclaimed assets will be put to a subsequent governance vote to be utilized by the protocol, preventing the funds from remaining idle. This arrangement ensures community consensus regarding fund usage in decentralized systems.
Demonstration of Trust and Accountability
Balancer’s plan and the extensive recovery measures undertaken after the $128 million attack show a serious commitment to upholding its integrity and regaining community trust. This approach is a crucial step in demonstrating that DeFi protocols can be accountable for their users’ assets and handle complex financial challenges in an orderly manner, even when technical failures occur.









