Members of the Balancer community have submitted a formal proposal to distribute $8 million recovered from the protocol's $116 million November exploit, one of the most technically advanced DeFi attacks of 2025. Approximately $28 million was retrieved in total, with $8 million recovered by white hats and internal rescuers covered in this proposal, while an additional $20 million recovered by liquid staking platform StakeWise will be handled separately.
The proposal recommends a non-socialized reimbursement model, where only liquidity pools directly impacted by the hack receive compensation. Distribution will be pro-rata based on each holder's share in affected pools, measured through Balancer Pool Tokens (BPT), and payouts will be in-kind to reimburse users with the same tokens they lost, avoiding forced conversions or price distortions.
Despite undergoing 11 smart contract audits by four different security firms, the exploit succeeded due to a logic flaw in a rounding function for EXACT_OUT swaps within Stable Pools. A post-mortem report revealed the attacker manipulated this function alongside batched swaps to drain funds, highlighting limitations in traditional audits and the evolution of sophisticated multi-step attacks.
The proposal now enters community review, aiming to restore user confidence and set a precedent for post-exploit fund distribution in DeFi governance, amid broader concerns about rising security threats and the need for improved economic modeling and cross-contract simulations.
HYPE
POLY
CRO
DOT
ZEC
FIL
BTC
ETH
XRP
ADA
AAVE
UNI