Balancer DAO Proposes $8 Million Recovery Plan Following $110 Million Hack

In the aftermath of a significant security breach that resulted in the loss of over $110 million from its Balancer v2 vaults, the Balancer DAO has initiated discussions on a plan to redistribute around $8 million in recovered assets to impacted liquidity providers. The recovery of these funds was made possible by the efforts of whitehat actors and internal teams, who acted swiftly following the attack on November 3. According to a proposal outlined by DAO contributor Xeonus, the plan includes a structured payout for the whitehats involved, as well as a reimbursement process for users, based on snapshot data of their pool holdings at the time of the exploit. This approach aligns with the principles outlined in Balancer's Safe Harbor Agreement, which provides guidelines for ethical hackers recovering stolen funds. The agreement caps bounty payments at $1 million per incident and requires participating whitehats to undergo full know-your-customer (KYC) and sanctions screening. Notably, several anonymous rescuers on the Arbitrum network declined to identify themselves, thereby waiving their claim to any bounty. The recovered tokens are spread across multiple networks, including Ethereum, Polygon, Base, and Arbitrum, and comprise assets such as WETH, rETH, WPOL, and MaticX. Liquidity providers will receive reimbursement in the same tokens they initially provided, with the amount calculated on a per-pool, pro-rata basis. A claims mechanism is currently being developed, which will require users to accept updated terms of use if the proposal is approved by the DAO. In addition to the $8 million being redistributed through the DAO, a further $19.7 million in osETH and osGNO was recovered by StakeWise, a whitehat hacker, and will be handled separately. Moreover, $4.1 million was recovered internally through collaborative efforts with another whitehat, Certora, although this amount is not eligible for whitehat bounties due to prior service agreements. The recent exploit, which was caused by a flaw in Balancer's smart contract access controls, marks the third major security incident to affect the protocol. The total value locked (TVL) on Balancer has decreased significantly, from approximately $775 million to $258 million, following the exploit, while the value of the protocol's BAL token has declined by around 30%.