Balancer Hack 2025 Reduces Bounty to 10% for Exploit Recovery

Generated by AI Agent Ainvest Coin Buzz. Reviewed by AInvest News Editorial Team.
Friday, Feb 13, 2026 4:48 am ET. 2 min read.
Aime Summary

- Balancer DAO approved a 10% bounty cap for recovering assets from a $128M exploit that abused a rounding bug in the ComposableStablePool's math.

- The November 2025 attack drained 18% of TVL ($678M) across seven blockchains, causing BAL token price to plummet 91% to $0.17 and daily volumes to drop to $959K.

- Despite low voter turnout, the reduced bounty proposal passed unanimously to balance cost control with recovery incentives, though community criticism highlighted governance power imbalances.

- Academic analysis of 705 exploits (2016-2026) revealed containment time varies with authority types, emphasizing the need for emergency governance models balancing speed and decentralization.

The Balancer DAO approved a 10% bounty cap for information or returned assets related to the $128 million exploit in November 2025, according to reports. The attack used a rounding and precision bug in the ComposableStablePool's math to drain liquidity from multiple blockchains. It reduced Balancer's TVL and significantly impacted the BAL token's price, which dropped 91% YoY to $0.17.

The Balancer DAO's proposal to limit the recovery bounty to 10% of returned assets was a key step following the $128 million exploit. The decision was aimed at balancing incentives for recovery with cost control, despite criticism about uneven voting distribution. The exploit, which occurred in November 2025, took advantage of a rounding error in the ComposableStablePool's mathematical calculations and leveraged batch-swap mechanics to siphon funds across multiple blockchains.

The attack affected Ethereum, Polygon, Base, Arbitrum, Optimism, Sonic, and Berachain. Gnosis Chain responded by hard-forking to freeze stolen assets. Despite some funds being recovered, the attacker-controlled addresses still hold a significant portion of the stolen value.

What Was the Nature of the Exploit?

The exploit abused the way Solidity's integer division rounds, which allowed the attacker to accumulate small rounding errors across multiple micro-swaps. By deploying a malicious contract, the attacker weaponized these errors to manipulate the Balancer Pool Token price and siphon off funds. The attack drained 18% of the protocol's TVL, which stood at $678 million prior to the exploit.

The ComposableStablePool's invariant calculation was the key weakness, enabling the attacker to manipulate the pool's value over time. This exploit highlights the risks of complex smart contracts and the importance of robust security audits.
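
The rounding issue described above, reduced to a toy constant-product pool as an added example (not Balancer's code and not the ComposableStablePool invariant; the function names, balances and swap sizes are constructed). It shows why the direction of integer-division rounding matters and gives an invariant check that can serve as a regression test.

```python
"""Toy constant-product pool (constructed; NOT Balancer's stable-pool math)."""


def quote_exact_out(bal_in, bal_out, amount_out, round_up):
    """Integer amount a trader must pay to withdraw `amount_out`.

    Exact math needs bal_in * amount_out / (bal_out - amount_out).
    Integer division has to pick a direction, and only rounding UP
    (in the pool's favour) keeps the invariant from shrinking.
    """
    if not 0 < amount_out < bal_out:
        raise ValueError("amount_out must be in (0, bal_out)")
    num, den = bal_in * amount_out, bal_out - amount_out
    # Python's // floors like Solidity's unsigned `/`; -(-a // b) is ceil.
    return -(-num // den) if round_up else num // den


def run_micro_swaps(round_up, steps=200, x=1_000, y=1_003, amount_out=7):
    """Alternate tiny swaps in both directions on balances x, y.

    Returns (invariant_drops, k_start, k_end), where k = x * y and
    invariant_drops counts the swaps after which k decreased.
    """
    k_start = k_prev = k = x * y
    drops = 0
    for i in range(steps):
        if i % 2 == 0:  # trader withdraws Y and pays X
            x += quote_exact_out(x, y, amount_out, round_up)
            y -= amount_out
        else:           # trader withdraws X and pays Y
            y += quote_exact_out(y, x, amount_out, round_up)
            x -= amount_out
        k = x * y
        if k < k_prev:  # pool value leaked on this swap
            drops += 1
        k_prev = k
    return drops, k_start, k


if __name__ == "__main__":
    for label, up in (("round down", False), ("round up", True)):
        drops, k0, k1 = run_micro_swaps(up)
        print(f"{label:10s} drops={drops:3d} k_start={k0} k_end={k1}")
```

Each individual loss is at most one base unit of the input token, which is why the per-swap check on `k` is the useful assertion: a test that only compares balances before and after a single swap with a tolerance will not flag it.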

What Were the Market Impacts and Financial Consequences?

The attack caused a sharp drop in the protocol's TVL and a collapse in the BAL token's price. The token's price fell 91% YoY to $0.17, and daily trading volumes dropped to $959K. The market cap of the protocol now stands at $11.5 million, a fraction of the $128 million in funds lost to the exploit.

The financial impact also included the risk of legal action, including potential class-action lawsuits and securities investigations. Recovery efforts depend on the protocol's ability to collect fees and the return of stolen assets.

How Did Governance and Community Respond?

Balancer DAO's governance voted to reduce the bounty from 20% to 10% for returned assets, with the proposal passing unanimously despite a low voter turnout. This move was intended to reduce costs while still incentivizing asset recovery.

The community response to the proposal was mixed, with some members criticizing the reduced bounty as insufficient and others supporting the move as necessary to maintain financial stability. The uneven distribution of voting power was another point of contention.

The attack has also spurred academic interest in emergency governance models. A recent paper analyzed the trade-offs between intervention speed and decentralization in protocols, introducing a Scope × Authority taxonomy to assess the legitimacy of emergency mechanisms. The study evaluated 705 exploit incidents from 2016 to 2026 and found that containment time varied systematically based on the authority type.

The findings underscore the importance of designing emergency mechanisms that balance speed with decentralization while considering community sentiment. These insights may inform future governance decisions in other decentralized protocols facing similar risks.

What Are the Long-Term Implications for Balancer?

The long-term recovery of Balancer will depend on fee revenue and the return of stolen assets. The protocol faces a liquidity death spiral, where declining TVL and trading volumes feed into further price declines.

The protocol's ability to regain user trust is critical. The reduced bounty and uneven governance participation may affect community sentiment and investor confidence.

Legal uncertainties also pose a risk, with potential investigations and lawsuits adding another layer of complexity to the recovery process. The protocol's future depends on addressing both financial and legal challenges while rebuilding its ecosystem.
