Ethereum News Today: Balancer's Onchain Ultimatum: Can DeFi Reclaim $116M Stolen Funds?

Generated by AI Agent Coin World. Reviewed by AInvest News Editorial Team.
Friday, Nov 7, 2025 3:25 pm ET
Aime Summary

- Balancer DAO issued an onchain ultimatum to the perpetrator of a $116M exploit, demanding the return of the assets under threat of technical and legal action, and offering a bounty.

- Attackers exploited a rounding error in batch swaps combined with flashloans to drain staked ETH variants from liquidity pools on Nov 3, 2025.

- Recovery efforts include freezing stolen funds, tracking cross-chain movements, and prioritizing user compensation, though 26.5% of loot remains untraceable as ETH.

- The incident highlights DeFi's evolving response tactics and audit limitations, as four security firms missed the vulnerability in static code reviews.

- Balancer's $20M bounty model reflects growing economic incentives in DeFi, yet decentralized accountability challenges persist without a hacker response.

Balancer DAO Issues Onchain Ultimatum to $116M Exploit Perpetrator, Offers Bounty for Funds' Return

The Balancer Decentralized Autonomous Organization (DAO) has escalated its response to a $116 million exploit of its V2 Composable Stable Pools, issuing an onchain warning that demands the hacker return the stolen assets or face "technical, onchain, and legal measures". The ultimatum, posted on X, outlines a deadline for the perpetrator to return the funds in exchange for an unspecified bounty, a move analysts say highlights the evolving tactics of DeFi protocols in recovering losses.

The exploit, first reported on November 3, 2025, involved the theft of over $116 million in staked Ether (ETH) variants, including StakeWise Staked ETH (osETH), Wrapped Ether (WETH), and Lido wstETH (wstETH), from Balancer's liquidity pools. Attackers exploited a rounding error in batch swap logic combined with flashloan mechanisms, allowing them to manipulate pool balances and drain assets rapidly. The vulnerability stemmed from a flaw in the handling of EXACT_OUT transactions, which allowed the attacker to inflate token values during swaps.

Balancer's response has included a mix of onchain and offchain strategies. The protocol paused affected pools and collaborated with cybersecurity firms to freeze portions of the stolen funds. For instance, StakeWise recovered approximately 73.5% of the stolen osETH (worth $19.3 million), while teams like BitFinding and Base MEV bot assisted in tracing the hacker's movements. Despite these efforts, the attacker has begun converting the loot into ETH, raising concerns about the permanence of the losses.

The DAO's bounty offer of up to 20% of the stolen funds, or $20 million, remains unclaimed, as Cointelegraph reported. This approach mirrors a growing trend in DeFi, where protocols leverage economic incentives to encourage the return of stolen assets. However, the lack of a formal response from the hacker underscores the challenges of enforcing accountability in decentralized systems, per Coinotag.

The incident has reignited debates about the reliability of smart contract audits, since the affected pools had been reviewed by four security firms: Zellic, Trail of Bits, Quantstamp, and OpenZeppelin, according to FinanceFeeds. Balancer's preliminary report noted that the rounding error evaded detection during audits, emphasizing the need for dynamic testing beyond static code reviews, as noted by Bitget. The attack also exposed risks inherent in composability, a core DeFi feature that allows interconnected protocols but can expand attack surfaces, according to Coinotag.
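To make the point about rounding in EXACT_OUT swaps and dynamic testing concrete, the following is an added example, not Balancer's code and not taken from its report. It assumes a toy constant-product pool rather than Composable Stable Pool math, with hypothetical function names and constructed balances, and shows a randomized invariant test flagging a round-down input calculation that the round-up version passes.

```python
import random

def amount_in_for_exact_out(bal_in, bal_out, amount_out, round_up):
    """Input owed for an EXACT_OUT swap on a toy constant-product pool.

    All amounts are integers (smallest token units), as in on-chain math.
    round_up=True rounds the owed input in the pool's favour.
    """
    q, r = divmod(bal_in * amount_out, bal_out - amount_out)
    return q + 1 if (round_up and r) else q

def fuzz_exact_out(round_up, steps=5000, seed=7):
    """Run random EXACT_OUT swaps in both directions and return the step
    numbers where the invariant x*y decreased, i.e. where the pool paid
    out more value than it received."""
    rng = random.Random(seed)
    bal = [10**6, 10**6]               # constructed starting balances
    violations = []
    for step in range(steps):
        i = rng.randrange(2)           # index of the token paid in
        o = 1 - i                      # index of the token taken out
        if bal[o] < 2:
            continue                   # never request the whole balance
        out = rng.randint(1, max(1, bal[o] // 100))
        k_before = bal[0] * bal[1]
        bal[i] += amount_in_for_exact_out(bal[i], bal[o], out, round_up)
        bal[o] -= out
        if bal[0] * bal[1] < k_before:
            violations.append(step)
    return violations

if __name__ == "__main__":
    print("round down:", len(fuzz_exact_out(False)), "violating swaps")
    print("round up:  ", len(fuzz_exact_out(True)), "violating swaps")
```

Each violating swap moves the invariant by less than one unit of input, which is why a check of this kind has to assert on the pool's invariant after every operation rather than on individual amounts.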

Recovery efforts continue, with Balancer working alongside partners like SEAL and zeroShadow to track cross-chain movements of the stolen assets. Meanwhile, the protocol has suspended the creation of new stable pools until a permanent fix is deployed, per FinanceFeeds. Affected users are being prioritized for compensation through governance proposals, though no timeline has been provided, according to Coinotag.

The hack is among the largest DeFi exploits of 2025, joining a growing list of breaches that have cost protocols over $2.3 billion this year, according to FinanceFeeds. As the industry grapples with rising threats, Balancer's onchain warning serves as a case study in the intersection of blockchain's immutability and the human element of cybersecurity.
