Balancer Outlines Precise $8M Repayment Plan Following Massive V2 DeFi Heist

Balancer, a prominent decentralized finance platform, has released a detailed proposal explaining how it intends to return recovered funds to liquidity providers affected by a major security incident earlier this month. The exploit—one of the most impactful DeFi attacks this year—resulted in more than $125 million being siphoned from V2 liquidity pools. The attacker was able to leverage a flaw in the Stable Pools’ price-rounding mechanism to manipulate token values across five separate blockchains.

Following the breach, coordinated interventions by external whitehat hackers, Balancer contributors, and other partners allowed roughly $28 million in assets to be retrieved.

The new reimbursement plan outlines how about $8 million, recovered directly through Balancer’s own internal actions and whitehat involvement, will be distributed. The protocol intends to use a pool-specific repayment model, meaning only the users who lost funds in particular pools and chains will receive the recovered assets. Distribution amounts will be calculated proportionally, using user balances recorded at snapshot blocks captured immediately before the first malicious transaction.

Independently, the liquid staking project StakeWise gained control of $19.7 million in osETH and osGNO during the recovery process. StakeWise will return those assets to its community following its own governance procedures.

Six whitehat researchers contributed to the retrieval effort, collecting a combined $3.9 million across multiple networks. Under Balancer’s Safe Harbor Agreement, these researchers are eligible for a bounty equal to 10% of the funds they rescued—capped at $1 million per operation and paid in the same tokens recovered. Eligibility also requires full identification checks, including KYC and sanctions screening. One pseudonymous participant, labeled “Anon #1,” recovered $2.68 million from Polygon alone. In addition, Balancer and security firm Certora carried out an in-house rescue operation that secured another $4.1 million from at-risk pools. Because Certora was already contracted by the protocol, these funds go directly back to the affected pools and do not fall under the Safe Harbor bounty program.

To claim their allocations, users will need to use an upcoming interface and agree to Balancer’s terms, which include a waiver of liability covering Balancer Labs, the DAO, the Foundation, and affiliated entities. Claims will be open for 180 days; once this window closes, any remaining assets will be treated as dormant, and their future use will be determined through a separate governance vote.

The incident’s complexity—despite the contracts having undergone more than ten audits from various security firms—has renewed calls within the industry for improved threat modeling and ongoing, real-time security oversight. The community’s impending governance vote on this distribution proposal is expected to influence how future DeFi recovery efforts are structured.