After a devastating $128 million exploit on Balancer, a decentralized finance (DeFi) protocol, the team has proposed a reimbursement plan to return $8 million in recovered funds to its liquidity providers.
Balancer DeFi protocol allows users to create and trade liquidity pools. The hack happened on its Composable Stable Pools on Balancer V2, the second version of the Balancer liquidity platform and decentralized exchange.
Liquidity providers will get payments from recovered funds in the same tokens they provided for the pool.
The $128 million hack and $19.3 million recovery
On November 3, 2025, hackers drained nearly $128 million in assets through the V2 exploitation, and liquidity staking platform StakeWise has swiftly recovered nearly $19.3 million worth of investor funds.
The attackers exploited a vulnerability in smart contract interactions and stole the funds — the largest DeFi hack in 2025, and one of the biggest in the history of Balancer.
Ethical hackers assist in recovering funds
After the Balancer exploit, the team has sought help from a white-hat recovery team, ethical hackers, and security researchers to retrieve funds.
The recovered tokens are spread across a slew of different networks, such as Polygon, Base, Ethereum, and Arbitrum. The ethical hackers have also recovered assets linked to tokens like wrapped ETH, MaticX, osETH (StakeWise Staked ETH), and more.
This is not the first time the Balancer DeFi protocol has undergone a critical hack. It has been attacked multiple times.
A flash loan attack in 2020 resulted in $520,000 loss. In 2023, the Euler Finance hack affected Balancer, as its pools were linked to Euler tokens, resulting in $2.1 million loss due to vulnerability exploitation in Balancer V2 pools, in the same year.
Another impactful hack occurred in 2024, when the Velocore DeFi platform, which used a similar Balancer-style pool, was hacked, causing $6.8 million loss for Velocore. Hackers originally exploited a smart contract on the forked Balancer pool on Velocore.
