DeFi Faces Security Challenges: Balancer Retrieves $4.1M Following $116M Breach

Balancer: White-Hat Recovery Mission Underway, $4.1 Million Secured in Custodial Account

The decentralized finance (DeFi) platform Balancer has begun a white-hat recovery initiative after a $116.6 million breach linked to a rounding issue in the "upscale" function of its V2 stable pool, according to a

. On November 13, Balancer revealed that roughly $4.1 million had been moved into a managed custodian account to support the process of reconciliation and user reimbursements, as referenced in a . The breach, which took place on November 3, enabled attackers to exploit pool balances and drain assets across several blockchains, such as , , Base, and Polygon, as detailed in the whale-alert.io report.

This vulnerability specifically affected

V2’s composable stable pools, which are intended to offer adaptable liquidity options but were exposed due to the rounding flaw, as outlined in the whale-alert.io report. StakeWise, a liquid staking service, managed to recover about $19 million in osETH for users, partially offsetting the losses, according to the whale-alert.io report. In response, Balancer suspended the compromised pools, stopped the creation of new pools and reward payouts, and worked with partners to freeze assets, as mentioned in the whale-alert.io report. The team also cautioned users against phishing scams and warned them not to interact with the affected pool, as stated in the Lookonchain update.

The protocol’s governing body, Balancer DAO, intensified recovery efforts by sending direct on-chain messages to the attacker’s wallet, as reported in a

. The DAO proposed a bounty deal, inviting the hacker to return the stolen funds in return for a negotiated share and a promise of no legal consequences, as described in the Bitcoinist article. Should the attacker refuse, the DAO warned it would use technical, on-chain, and legal strategies to identify and pursue those responsible, as noted in the Bitcoinist article.

Balancer’s V3 pools were not impacted by this exploit, and the team stressed that no vulnerabilities at the consensus layer were involved, according to the Lookonchain update. The retrieval of $4.1 million marks an important milestone in compensating liquidity providers and rebuilding confidence. Comprehensive reconciliation and a full report will follow once the returned assets are verified, as indicated in the Lookonchain update.

This event highlights the persistent security issues facing DeFi, with Balancer now among several protocols hit by advanced attacks. While white-hat actions have enabled partial fund recovery, the sector continues to face the challenge of balancing rapid innovation with effective risk management.