DeFi's Security Tightrope: Balancer Recovers $4.1M After $116M Exploit

Generated by AI Agent Coin World. Reviewed by AInvest News Editorial Team.
Wednesday, Nov 12, 2025 9:37 pm ET

Aime Summary

- Balancer launched a white-hat recovery operation after a $116.6M exploit of a rounding bug in V2 stable pools, recovering $4.1M to custodian accounts.

- Attackers manipulated pool balances across multiple blockchains, including Arbitrum, Base, and Polygon, prompting pool pauses and asset freezes by the protocol.

- Balancer DAO engaged in on-chain communication with hackers, offering bounties for asset returns while threatening legal/technical measures if they were uncooperative.

- V3 pools remained unaffected; recovery efforts focus on refunding liquidity providers as DeFi's security challenges persist despite partial fund recovery.

Balancer: White-Hat Recovery Operation Launched, $4.1 Million Moved to Custodian Account

Balancer, a decentralized finance (DeFi) protocol, has initiated a white-hat recovery operation following a $116.6 million exploit traced to a rounding bug in its V2 stable pool's "upscale" function. On November 13, the team announced that approximately $4.1 million in funds had been transferred to a controlled custodian account to facilitate reconciliation and refunds. The incident, which occurred on November 3, allowed attackers to manipulate pool balances and siphon assets across multiple blockchains, including Arbitrum, Base, and Polygon, according to the whale-alert.io story.

The exploit targeted Balancer V2's composable stable pools, a feature designed to enable flexible liquidity provision but left vulnerable by the rounding error, as detailed in the whale-alert.io story. StakeWise, a liquid staking provider, partially mitigated losses by recovering ~$19 million worth of osETH for users, according to the whale-alert.io story. In response, Balancer paused affected pools, halted new pool creation and reward distributions, and collaborated with partners to freeze assets, as described in the whale-alert.io story. The protocol also warned users to avoid phishing attempts and interactions with the compromised pool, as reported in the Lookonchain feed.

The Balancer DAO, which governs the protocol, escalated efforts to recover remaining funds by directly messaging the hacker's wallet via on-chain communication. The DAO offered a bounty arrangement, allowing the attacker to return stolen assets in exchange for a negotiated percentage and immunity from legal action, as described in the Bitcoinist report. If the attacker did not cooperate, the DAO threatened to employ technical, on-chain, and legal measures to identify and pursue the perpetrator, according to the Bitcoinist report.

Balancer's V3 pools remain unaffected by the exploit, and the team emphasized that no consensus-layer vulnerabilities were compromised, as noted in the Lookonchain feed. The recovery of $4.1 million represents a critical step toward refunding liquidity providers and restoring trust. Final reconciliation and detailed reporting are pending verification of returned assets, as stated in the Lookonchain feed.

The incident underscores the ongoing challenges in DeFi security, with Balancer joining a growing list of protocols targeted by sophisticated exploits. While white-hat interventions have helped recover portions of stolen funds, the broader industry continues to grapple with balancing innovation and risk mitigation.