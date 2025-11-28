MENAFN - Crypto Breaking) In one of the most complex DeFi attacks of 2025, Balancer protocol lost more than $128 million on November 3, 2025, when hackers exploited a hidden vulnerability in its v2 Stable Pools.

The attack targeted the rounding mechanism of the“upscale” function for EXACT_OUT swaps, which allowed invalid upward rounding through manipulated inputs and batched transactions that drained the funds repeatedly in a single block.

The Balancer decentralized autonomous organization has now introduced a formal governance proposal to distribute $27.7 million in recovered assets to users that were affected in the November 3 hack.

WETH, osETH, and wstETH were some of the assets siphoned across multiple chains: Ethereum, which suffered the biggest loss at $99 million, with additional losses across Arbitrum, Base, Berachain, Optimism, Polygon, and Sonic.

Despite eleven audits that were carried out by four separate security companies, the vulnerability remained undetected until the exploit happened. Cyvers CEO Deddy Lavid described the operation as“one of the most advanced attacks of the year,” citing the evidence that the attacker prepared for months and subsequently laundered proceeds through Tornado Cash.

Following the attack, Balancer froze the affected pools to stop further losses and released a preliminary post-mortem shortly afterward, confirming the root cause and issuing warnings about ongoing risks to hot wallets and on-chain liquidity exposure. The incident affected thousands of liquidity providers and the overall market, followed by a temporary dip in unrelated tokens such as SUI.

Three weeks after the breach, the Balancer DAO has come forward with a governance proposal to return recovered funds to victims of the attack without socializing losses across the broader protocol.

The plan, posted to the governance forum on November 27, 2025, will follow two distinct recovery streams.

An $8 million tranche recovered through white-hat interventions and internal efforts will be distributed proportionally to Balancer Pool Token (BPT) holders in the directly affected pools, paid in the original stolen assets. A separate $19.7 million tranche recovered by liquid-staking partner StakeWise, primarily osETH and osGNO, will be forwarded independently by StakeWise to its affected users.

The combined $27.7 million represents approximately 22% of total losses. Distributions will be strictly non-socialized, limited exclusively to liquidity providers who held BPT positions in the exploited pools at the time of the attack, and will require acceptance of updated terms of service.

The proposal is currently in the community discussion phase ahead of an on-chain DAO vote. If approved, a claims portal is expected to launch within weeks.

Community reactions remain divided; some members remain optimistic, while others criticize the decision. Some liquidity providers have praised the targeted approach as a“community-first” gesture that prioritizes direct victims over broad bailouts, while others contend the partial recovery has some shortcomings in audit effectiveness and overall DeFi risk management.

