Balancer Outlines Reimbursement Plan Following $128M Exploit

Decentralized finance protocol Balancer has outlined a framework to return millions in rescued assets to liquidity providers after an exploit drained more than $128 million from its V2 pools, in what was one of the largest DeFi exploits of the year.

The proposal published Thursday by two members of the protocol’s community is seeking community feedback on plans to distribute roughly $8 million in funds, “including both whitehat rescues and internal recovery efforts.” 

The discussion comes in the aftermath of Balancer’s exploit early this month, which drained millions across five chains, forced emergency pauses, and prompted whitehat interventions.

Approximately $28 million of the stolen funds were salvaged through a mix of whitehat interventions, internal rescues, and third-party actions, as per the proposal.

"Incidents like this show how important it is for DeFi to have clear, real-time visibility into what’s happening on-chain," Blockscout, an open-source block explorer for EVM-based chains, told Decrypt. "The more transparent and traceable protocols become, the faster the ecosystem can respond, contain damage, and recover funds."

The framework covers only the $8 million recovered directly by whitehats and Balancer’s internal teams, while Ethereum-based liquid staking protocol StakeWise will separately return the remaining $19.7 million in osETH and osGNO to its own users through its governance process.

"The Safe Harbor Agreement, adopted by Balancer DAO, provides clear terms for whitehat interventions," the proposal notes, specifying bounties are paid in the same tokens as recovered funds and cannot be retained directly from rescued assets.

The proposal takes a non-socialized approach to reimbursement, meaning each affected pool's recovered funds will be distributed only to liquidity providers of that specific pool and network, rather than spreading losses across all users. 

Distributions will be proportional to holdings at specific snapshot blocks taken just before the first exploit transaction.

Whitehat rescuers who intervened during the attack will receive a 10% bounty, capped at $1 million per operation, once they complete legal ID disclosure, KYC checks, and sanctions screening, according to the platform. 

The proposal identified six whitehat actors who recovered approximately $3.9 million across multiple networks during the exploit.

Among them, anonymous whitehat "Anon #1" led recoveries with $2.68 million rescued on Polygon, including 8 million WPOL, 6.8 million MaticX, 2.9 million TruMATIC, and 72,000 stMatic tokens.

Balancer also conducted an internal rescue operation, coordinating with security firm Certora, recovering an additional $4.1 million from vulnerable metastable pools across Ethereum, Optimism, and Arbitrum that were at risk but not yet exploited.

These internally rescued funds won't qualify for SEAL Safe Harbor bounties since Certora operated under an existing service relationship with Balancer, and the agreement specifically incentivizes external actors rather than coordinated internal responses, as per the proposal.

A claiming mechanism will be developed requiring claimants to provide digital proof of consent to Balancer's terms and conditions, explicitly agreeing to release Balancer Labs, Balancer DAO, Balancer Foundation, and affiliated parties from liabilities related to the exploit.

The framework includes a 180-day claim period, after which unclaimed assets are classified as dormant and reassigned only through a subsequent governance decision.