Balancer to Return $8M in Rescued Funds After $128M Exploit

Following one of the largest decentralized finance exploits of the year, Balancer DAO has proposed a detailed framework to distribute roughly $8 million in recovered assets back to affected liquidity providers. The exploit, which occurred earlier this month, drained more than $128 million from Balancer’s V2 pools across five blockchain networks including Ethereum, Polygon, Optimism, and Arbitrum. The incident forced emergency pauses and prompted immediate interventions from both internal teams and external whitehat hackers.

According to the proposal published by two members of the Balancer community, approximately $28 million of the stolen funds were salvaged through a combination of whitehat interventions, internal recovery efforts, and third-party actions. However, the current reimbursement framework covers only the $8 million recovered directly by whitehats and Balancer’s internal teams. The remaining $19.7 million in osETH and osGNO tokens will be separately returned to StakeWise users through that protocol’s own governance process, creating a segmented but coordinated recovery approach across the affected DeFi ecosystem.

The proposal identifies six whitehat actors who recovered approximately $3.9 million across multiple networks during the exploit. Among them, anonymous whitehat ‘Anon #1’ led recovery efforts by rescuing $2.68 million on Polygon alone, including substantial amounts of WPOL, MaticX, TruMATIC, and stMatic tokens. These ethical hackers intervened during the active attack, preventing further losses through their rapid on-chain actions.

Balancer also conducted an internal rescue operation, coordinating with security firm Certora to recover an additional $4.1 million from vulnerable metastable pools across Ethereum, Optimism, and Arbitrum that were at risk but not yet exploited. According to the proposal, these internally rescued funds won’t qualify for SEAL Safe Harbor bounties since Certora operated under an existing service relationship with Balancer. The Safe Harbor Agreement specifically incentivizes external actors rather than coordinated internal responses, creating a clear distinction between voluntary whitehat actions and contracted security services.

Blockscout, an open-source block explorer for EVM-based chains, emphasized the importance of transparent protocols, telling Decrypt that ‘Incidents like this show how important it is for DeFi to have clear, real-time visibility into what’s happening on-chain. The more transparent and traceable protocols become, the faster the ecosystem can respond, contain damage, and recover funds.’

The reimbursement framework employs a non-socialized approach, meaning each affected pool’s recovered funds will be distributed exclusively to liquidity providers of that specific pool and network, rather than spreading losses across all Balancer users. Distributions will be proportional to holdings at specific snapshot blocks taken just before the first exploit transaction, ensuring fairness to users who were actively providing liquidity at the time of the attack.

Whitehat rescuers who intervened during the attack will receive a 10% bounty capped at $1 million per operation, payable in the same tokens as the recovered funds. However, these bounties cannot be retained directly from rescued assets and will only be distributed after rescuers complete legal ID disclosure, KYC checks, and sanctions screening. The proposal notes that the Safe Harbor Agreement adopted by Balancer DAO provides clear terms for these whitehat interventions, creating structured incentives for ethical hacking within legal boundaries.

A dedicated claiming mechanism will be developed requiring claimants to provide digital proof of consent to Balancer’s terms and conditions, explicitly agreeing to release Balancer Labs, Balancer DAO, Balancer Foundation, and affiliated parties from liabilities related to the exploit. The framework includes a 180-day claim period, after which unclaimed assets will be classified as dormant and reassigned only through a subsequent governance decision, ensuring transparency in handling orphaned funds.