Balancer’s $8 Million Compensation Proposal Sheds Light on Weaknesses in DeFi Security Assessments

Balancer Proposes $8 Million Compensation Plan After Major Exploit

Balancer has introduced an $8 million compensation initiative aimed at reimbursing liquidity providers who suffered losses during the platform’s $128 million security breach in November 2025. This marks the protocol’s first substantial move to address the significant DeFi incident.

The plan, put forward by two members of the community, outlines a targeted, non-socialized approach—ensuring that only those liquidity pools directly affected by the exploit will receive compensation. Of the assets stolen, roughly $28 million has been retrieved through a mix of white hat interventions, internal efforts, and third-party recoveries. Notably, StakeWise managed to recover $19.7 million in osETH and osGNO for its users through separate actions.

Details of the Exploit

The attack exploited a vulnerability in Balancer’s Stable Pools, specifically targeting flaws in the EXACT_OUT swap calculation. By manipulating rounding mechanisms, attackers were able to drain funds across several blockchains, including Ethereum, Polygon, and Arbitrum. Despite undergoing 11 external audits from four different security firms, the breach revealed shortcomings in conventional code review methods, prompting renewed discussions about the effectiveness of audits in preventing advanced exploits.

A subsequent investigation attributed the vulnerability to rounding errors in batched transactions—a method cybersecurity specialist Deddy Lavid described as among the most sophisticated DeFi attacks of the year.

Compensation Distribution Process

Reimbursements will be allocated proportionally based on Balancer Pool Token (BPT) balances at snapshot blocks recorded immediately before the exploit. Liquidity providers will receive compensation in the same token types they originally lost, minimizing the risk of price discrepancies. White hat actors who recovered $3.9 million across four networks are set to receive a 10% bounty in the tokens they returned, with a maximum of $1 million per recovery. However, internal recoveries led by Certora—which secured $4.1 million from metastable pools—are not eligible for bounties due to their established relationship with Balancer.

StakeWise’s $19.7 million recovery, primarily in osETH, will be distributed separately through its own governance process. Any unclaimed funds from the $8 million pool will be classified as dormant after 180 days and may be reassigned following a future governance vote. To claim compensation, recipients must accept updated terms that release Balancer Labs, its DAO, and related entities from liability connected to the exploit.

Commitment to Transparency and Security

The proposal underscores the importance of openness and responsibility, echoing broader demands within the DeFi space for real-time, on-chain transparency to improve responses to security incidents. Blockscout, an open-source blockchain explorer, has emphasized that traceability is crucial for minimizing losses and speeding up recovery efforts.

Next Steps for the Community

If the community approves the proposal, the process will move forward with verifying snapshot blocks, confirming white hat recoveries, and deploying claim contracts. This initiative is designed to restore confidence in Balancer’s governance and establish a model for managing large-scale DeFi exploits in the future.