Repayment Plan Unveiled for November Exploit Victims
Balancer has published a new governance proposal outlining its plan to return roughly $8 million in recovered assets to liquidity providers affected by the protocol’s November v2 exploit. This proposal marks the first concrete step toward compensating users after one of the largest decentralized finance breaches of the year. The plan details how funds secured by whitehat rescuers and Balancer’s internal team will be returned. The protocol confirmed that approximately $8 million was recovered across multiple networks. A separate batch of roughly $19.7 million in osETH and osGNO, handled by StakeWise, is being processed independently.
Whitehat Bounties and Asset Distribution
Whitehat actors who intervened during the attack will receive bounties equal to 10% of the assets they recovered. Payments will be made in the same tokens that were returned, aligning with Balancer’s Safe Harbour Agreement. Before the release of funds, each whitehat must successfully pass identity verification, KYC, and sanctions screening. These processes have already been completed, though the identities of the whitehats remain confidential.
Assets recovered through Balancer’s collaboration with Certora will not be eligible for bounties. This is because these assets were rescued under an active service agreement. Instead, these tokens will be returned directly to the pools that were affected by the exploit.
Repayment Terms for Liquidity Providers
Liquidity providers (LPs) will receive funds on a pro rata basis. This distribution will be determined by their BPT holdings at snapshot blocks taken immediately before the exploit transactions occurred.
The reimbursements will be non-socialized, meaning that each pool’s recovered assets will only be distributed to LPs from that specific pool. Furthermore, the reimbursements will be in-kind, ensuring that users receive the exact same tokens that were rescued.
Balancer also plans to launch a dedicated claim interface. Users will be required to accept the protocol’s terms and conditions before they can retrieve their funds. Any tokens that remain unclaimed after the designated claim window has closed will be reallocated through a subsequent governance vote.
Recap of the November Attack
The exploit, which occurred on November 3, drained over $128 million across the Ethereum mainnet and several layer-2 networks. The attacker exploited a precision-loss vulnerability within Balancer’s v2 invariant. This allowed the manipulation of token balances, triggering a rapid arbitrage loop that effectively emptied pools within minutes.
A day after this exploit, the decentralized finance platform Stream Finance announced it was halting all deposits and withdrawals. This decision followed the discovery of a $93 million loss in assets that were managed by an external fund manager.