[BIP-892] Distribution of Rescued Funds from Balancer v2 November 3rd 2025 Attacks
Author(s): @Xeonus, @0xDanko
PR with Payloads
https://github.com/BalancerMaxis/multisig-ops/pull/2557
Summary
Here, the DAO proposes a framework for distributing funds rescued during the Balancer v2 exploit in early November 2025.
Whitehat actors and internal rescue operations successfully recovered approximately $8M in user funds across multiple networks (with an additional ~$19.7M in osETH/osGNO handled separately by StakeWise). Users understand the inherent risks of DeFi and the community’s ongoing efforts to manage them through tools like the Terms of Use, Risk Reminders and adoption of the SEAL Safe Harbor Agreement (BIP-726). This proposal builds on that foundation by detailing the next steps in the risk management strategy including: (1) implementation of the previously approved whitehat reimbursement policy under [BIP-726] Safe Harbor Agreement; (2) the breakdown of the funds recovered by network and whitehat contributors, and (3) the methodology for reimbursing LPs affected by the theft.
Background
In early November 2025, Balancer v2 was actively attacked across multiple networks. In accordance with [BIP-726]: Adopt the SEAL Safe Harbor Agreement, whitehat actors intervened to rescue funds at risk and qualified for “Predetermined rewards for successful whitehats that protect protocol funds”.
The Safe Harbor Agreement, adopted by Balancer DAO, provides clear terms for whitehat interventions:
- Bounty: 10% of recovered funds
- Cap: $1,000,000 USD per rescue operation
- Retainable: False (funds must be returned to DAO recovery address; bounty paid separately)
- Identity: Full legal name required
- Compliance: KYC and global sanctions verification required
1. Whitehat Reimbursement Policy
1.1 Bounty Payment Denomination
Proposal: All whitehat bounties shall be paid in the same token as returned funds, calculated as 10% of recovered tokens as approved in BIP-726 and described in the section 2.2.
Rationale:
- The Safe Harbor Agreement specifies "Retainable: False," meaning whitehats cannot retain bounties directly from recovered assets. This necessitates a separate bounty payment.
- Payment-in-kind (PIK) as recovered assets provides:
- Clarity and consistency across different token types
- No price volatility between bounty calculation and payment
- Simplified accounting for the DAO and recipients
- Operational efficiency for multi-network settlements
1.2 Eligibility Requirements
Per BIP-726 and the Safe Harbor Agreement, whitehats must complete:
- Identity Verification: Provide full legal name
- KYC: Complete Know Your Customer verification
- Sanctions Screening: Clear OFAC, UK, and EU sanctions lists
The Foundation has cleared the compliance requirements for this proposal, and the identity of the whitehats will remain anonymous and preserved.
1.3 Mandate to Dispute Procedures
In the event of a dispute between Balancer DAO and the whitehat, the Treasury Council will be mandated to represent the DAO’s interests in such resolutions via the Balancer Foundation, according to the Safe Harbor Agreement.
2. External Whitehat Recoveries
The following table details all external whitehat recoveries, organized by whitehat and network.
2.1 Summary by Whitehat
| Whitehat | Network | Total Recovered (USD at the time of recovery) |
|---|---|---|
| Anon #1 | Polygon | $2,681,321 |
| Bitfinding | Ethereum Mainnet | $963,832 |
| Anon #2 | Base | $161,274 |
| Unknown #1 | Arbitrum | $46,933 |
| Unknown #2 | Arbitrum | $1,862 |
| Unknown #3 | Arbitrum | $230 |
| TOTAL | $3,855,452 |
Note: StakeWise rescued osETH (Ethereum) and osGNO (Gnosis) but will handle redistribution to affected users directly via their own mechanism. These funds are excluded from this proposal.
Note 2: Whitehat rescuers on Arbitrum have waived their bounty by not identifying themselves and/or refusing to KYC.
2.2 Detailed Recovery Breakdown and bounty targets
Anon #1 — Polygon
| Token | Amount | Bounty | Total (Net) | Refund Tx |
|---|---|---|---|---|
| WPOL | 8,007,431.9 | 800,743.19 | 7,206,688.71 | 0x52f19146... |
| MaticX | 6,802,355.9 | 680,235.59 | 6,122,120.31 | 0x2c844233... |
| TruMATIC | 2,865,691 | 286,569 | 2,579,122.26 | 0x3daae091... |
| stMatic | 72,412.2 | 7,241.22 | 65,170.98 | 0xe3137b85... |
Bounty shall be paid back to 0xCdef7f1e13b86CC1f9C0cF57bDC9A7db501CB680
BitFinding — Ethereum Mainnet
| Token | Amount | Bounty | Total (Net) | Refund Tx |
|---|---|---|---|---|
| WETH | 136.000 | 13.600 | 122.400 | 0x1c20be7a... |
| osETH | 105.208 | 10.520 | 94.688 | 0x60687df4... |
| wstETH | 10.956 | 1.095 | 9.859 | 0xf6e3db8f... |
| weETH | 6.616 | 0.661 | 5.955 | 0x4936c50c... |
| rETH | 6.225 | 0.622 | 5.603 | 0x18fccc83... |
Bounty shall be paid back to 0xc3C7ccE1962B7a744847933CC3abD50b67ff5402
Anon #2 — Base
| Token | Amount | Bounty | Total (Net) | Refund Tx |
|---|---|---|---|---|
| rETH | 24.240 | 2.424 | 21.816 | 0xb88c2119... |
| WETH | 16.969 | 1.696 | 15.273 | 0x33ea6ee0... |
| weETH | 0.062 | 0.006 | 0.056 | 0x836a01a8... |
Bounty shall be paid back to 0xcab1e5cc8bda570d29d5e321ec15cde5b9f6e555
Unknown — Arbitrum (waived bounty)
| Token | Amount | Bounty | Total (Net) | Refund Tx |
|---|---|---|---|---|
| USDX | 117.3 | n/a | 117.3 | 0x284055aa... |
| sUSDX | 105.9 | n/a | 105.9 | 0xa025ecae... |
| ETH | 13.7 | n/a | 13.7 | 0x6cf102dd... |
| rETH | 0.2 | n/a | 0.2 | 0x6c5cdbbf... |
| WETH | 0.2 | n/a | 0.2 | 0xce75a26a... |
| ETH | 0.1 | n/a | 0.1 | 0xd84ed71a... |
| ezETH | 0.1 | n/a | 0.1 | 0xab5cdc56... |
| weETH | ~0.0 | n/a | ~0.0 | 0xf9b4d356... |
| wstETH | ~0.0 | n/a | ~0.0 | 0x370efc5b... |
3. Internal Rescue Operation (Certora — Metastable Pools)
In coordination with the Certora team, Balancer DAO executed an internal whitehat rescue operation targeting metastable pools [CSPv5] (including rETH and other correlated-asset pools) that were at risk but not yet exploited by external actors. This rescue effort is not covered under the SEAL Safe Harbor Agreement and its terms.
3.1 Treatment of Internal Rescue
Proposal: The internal Certora rescue operation is not eligible for the 10% Safe Harbor bounty for the following reasons:
- Certora's involvement was under an existing service relationship with Balancer
- The Safe Harbor Agreement is designed to incentivize external actors to protect the protocol; internal coordinated responses fall outside this scope
3.2 Metastable Pool Recovery Details
The following tokens were rescued via the internal Certora-coordinated operation and returned to Balancer DAO multi-sig addresses:
Ethereum (0x10A19e7eE7d7F8a52822f6817de8ea18204F2e4f)
| Token | Amount |
|---|---|
| WETH | 510.37 |
| rETH | 320.12 |
| wstETH | 141.39 |
| StaFi rETH | 0.80 |
| Subtotal |
Optimism (0x043f9687842771b3dF8852c1E9801DCAeED3f6bc)
| Token | Amount |
|---|---|
| rETH | 64.88 |
| WETH | 66.06 |
| wstETH | 1.86 |
| Subtotal |
Arbitrum (0xaF23DC5983230E9eEAf93280e312e57539D098D0)
| Token | Amount |
|---|---|
| wstETH | 3.53 |
| WETH | 4.04 |
| Subtotal |
Internal Rescue Total
| Network | Total Recovered (USD at the time of recovery) |
|---|---|
| Ethereum | $3,590,712.58 |
| Optimism | $488,327.39 |
| Arbitrum | $28,525.58 |
| TOTAL | $4,107,565.55 |
These funds are held in the respective DAO multi-sig addresses as internal balances in the Balancer v2 vault on the corresponding network. These will be claimed and distributed to affected metastable pool LPs according to the methodology outlined in Section 4.
Internal balances can be verified here.
4. LP Reimbursement
4.1 Methodology
Proposal: Distribution of rescued funds to affected users shall be:
- Non-socialized — Each affected pool's rescued funds are distributed only to LPs of that specific pool and network
- Pro-rata by BPT holdings — Distribution proportional to each holder's share of the pool's BPT at the snapshot block
- Payment-in-Kind — LPs receive the same tokens that were rescued (e.g., WETH, wstETH, WPOL, etc.)
4.2 Snapshot Blocks
4.2.1 External White Hat Rescues
Distribution eligibility for external white hat rescued funds shall be determined by BPT holdings at the following blocks (last block before first exploit tx on each network):
| Network | Snapshot Block |
|---|---|
| Ethereum Mainnet | 23717626 |
| Base | 37683373 |
| Polygon | 78525618 |
| Arbitrum | 396293450 |
4.2.2 Internal Rescue (Metastable Pools)
Distribution eligibility for internally rescued metastable pool funds shall be determined by BPT holdings at the following blocks, per pool:
Ethereum Mainnet
| Pool ID | Snapshot Block |
|---|---|
| 0x1e19cf2d73a72ef1332c882f20534b6519be0276000200000000000000000112 | 23785042 |
| 0x32296969ef14eb0c6d29669c550d4a0449130230000200000000000000000080 | 23785044 |
| 0x851523a36690bf267bbfec389c823072d82921a90002000000000000000001ed | 23785052 |
| 0xb08885e6026bab4333a80024ec25a1a3e1ff2b8a000200000000000000000445 | 23785057 |
Optimism
| Pool ID | Snapshot Block |
|---|---|
| 0x4fd63966879300cafafbb35d157dc5229278ed2300020000000000000000002b | 143687339 |
| 0x7b50775383d3d6f0215a8f290f2c9e2eebbeceb200020000000000000000008b | 143687377 |
Arbitrum
| Pool ID | Snapshot Block |
|---|---|
| 0x36bf227d6bac96e2ab1ebb5492ecec69c691943f000200000000000000000316 | 399567435 |
4.3 Net Distribution
The amount available for LP distribution is:
Net Distribution = Rescued Funds − Whitehat Bounties
For each pool, the net tokens (after deducting the 10% bounty in-kind) will be distributed to BPT holders. Note, that this will not apply to rescued funds from the internal white-hat operation as described in 4.2.2, meaning the full amount of recovered funds shall be returned to affected LPs from those pools.
4.4 Claim Mechanism
A claiming mechanism will be developed to facilitate the distribution of rescued funds to eligible LPs. The technical implementation details—including the specific smart contract architecture, claim interface, and operational procedures—will be finalized and communicated to the community prior to launch.
Key Principles:
- Acceptance Required: Claimants will be required to provide digital proof of consent to Balancer's terms and conditions, explicitly agreeing to release Balancer Labs, Balancer DAO, Balancer Foundation and any affiliated parties and service providers from liabilities related to the exploit or any disputes.
- Smart Contract & Multi-Sig Handling: Smart contract accounts and multi-sig wallets may require case-by-case coordination. Affected parties can contact admin@balancer.finance for guidance.
- Claim Period: A reasonable claim window will be established. At the conclusion of this period, unclaimed assets will be declared dormant and their disposition may be reassessed by the community via a separate governance proposal.
5. Specification
If this proposal passes, the following actions will be executed:
- Execute White Hat Bounty Payments: Distribute bounties to KYC-verified white hats as specified in Section 2.2, paid in-kind (10% of recovered tokens) to their designated addresses.
- Publish Claim Data for Community Review: Release complete snapshot data including:
- Per-pool BPT holder lists at specified snapshot blocks
- Token allocation amounts per eligible address
- Data verification scripts for community audit
- Deploy Claiming Mechanism: The Balancer Foundation and Service Providers are mandated to develop and deploy the claim framework for affected LPs
- Execute LP Distributions: Open the claim window for eligible LPs to retrieve their rescued funds according to the methodology in Section 4.
- Monitor and Support Claims: Provide ongoing assistance to claimants, particularly for smart contract accounts and multi-sig wallets requiring case-by-case coordination (contact: admin@balancer.finance).
- Dormant Asset Management: At the conclusion of the 180-day claim window, propose new allocation for unclaimed dormant assets via separate governance proposal.
References
- BIP-726: Adopt the SEAL Safe Harbor Agreement
- SEAL Safe Harbor Agreement (PDF)
- Balancer DAO Accountability Guidelines
- Terms of Use
- Risks Disclosures
Edits:
- assign BIP ID and reformat as BIP
- add payload file for white hat repayments
- add white hat bounty payment information
- adjust section 4.3 to clarify external vs internal white hat token distributions
- adjust wording on proposal execution flow in section 5
Off-Chain Vote
Yes, let's do it
3.7 veBAL100%
No, this is not the way
0 veBAL0%
Abstain
0 veBAL0%
Timeline
Dec 12, 2025Proposal created
Dec 12, 2025Proposal vote started
Dec 16, 2025Proposal vote ended