Two members of the Balancer protocol community have submitted a proposal outlining a distribution plan for a portion of the funds recovered from the protocol’s $116 million November exploit. Approximately $28 million from the heist was recovered by white hat hackers, internal rescuers, and StakeWise, an Ether liquid staking platform. However, the current proposal specifically addresses the $8 million recovered by white hat hackers and internal rescue teams, with the nearly $20 million retrieved by StakeWise slated for separate distribution to its users.
The authors of the proposal recommend that all reimbursements be non-socialized. This means that funds will be distributed exclusively to the specific liquidity pools that incurred losses. The distribution will be on a pro-rata basis, calculated according to each holder's share in the liquidity pool, represented by Balancer Pool Tokens (BPT). Furthermore, the proposal suggests that reimbursements should be paid in-kind. This approach ensures that victims of the hack receive payment denominated in the same tokens they lost, thereby avoiding potential price mismatches between different digital assets.
The Balancer hack was characterized as one of the “most sophisticated” attacks of 2025 by Deddy Lavid, CEO of blockchain cybersecurity company Cyvers. This incident underscores the ongoing need for enhanced crypto user safety as security threats continue to evolve.
Security Audits and Exploit Details
Balancer's smart contracts have undergone extensive security scrutiny, with the platform's code being audited 11 times by four different blockchain security companies, according to its GitHub page. Despite these numerous audits, the platform was still compromised.
The hack prompted some members of the crypto community to question the effectiveness and value of security audits in ensuring code safety. Following the incident, Balancer released a post-mortem report on November 5th, detailing the root cause of the hack. The exploit targeted a specific rounding function used within its Stable Pools during EXACT_OUT swaps. The function, designed to round token prices down on input, was manipulated by the attacker to round up instead. The attacker leveraged this flaw in conjunction with a batched swap — a single transaction comprising multiple actions — to drain funds from Balancer’s pools.

