Balancer V2 Attack Recovery: A Detailed Plan for Reimbursing Affected Users
Balancer V2 suffered a major attack on November 3rd, 2023, resulting in approximately $116 million in compromised funds. A new proposal outlines a detailed plan for distributing the recovered assets back to those affected, prioritizing accuracy, security, and long-term platform stability.
The recovery process will focus on users who held affected tokens recorded in “snapshot” blocks - precise records of the network state immediately before the attack. This approach, detailed in a proposal, aims to ensure a fair allocation based on ownership at the critical moment, upholding the integrity of on-chain data.
Reimbursement will be “in kind,” meaning users will receive the same assets that comprised the affected pools whenever possible. This strategy is designed to avoid potential value fluctuations that could occur from converting assets to stablecoins or other volatile tokens. However, with only around 7% of the total compromised funds recovered (excluding funds managed externally, like those of StakeWise), compensation will be proportional to this limited recovery amount.
Crucially, the proposal dictates that losses will not be distributed across the entire community. This decision protects other participants and the Balancer DAO’s treasury from potential systemic insolvency by only compensating users with the funds recovered from the attackers. While this might be perceived as unfavorable by those who experienced direct losses, it prioritizes the long-term viability and operational stability of the platform, and ensures no funds will be drawn from secure pools to cover the losses.
A New Standard in Asset Recovery & Incentivizing Security
Balancer’s recovery plan introduces a new standard through the implementation of BIP-726, also known as the “SEAL Safe Harbor Agreement.” This framework incentivizes individuals who assist in fund recovery, offering a 10% reward on saved amounts, capped at $1 million per operation.
This system aims to professionalize the role of “white hat hackers” by requiring them to undergo Know Your Customer (KYC) processes and international sanctions verification – a move away from the typical anonymity within the DeFi space. Balancer developers intend to align security incentives with traditional financial compliance regulations.
The claims process for end users will also require formal steps. A 180-day window will be opened for users to request funds via a digital mechanism requiring the signing of liability waivers. By accepting the refund, liquidity providers will release the protocol from future legal claims, effectively closing the legal loop surrounding the incident. Any unclaimed funds after six months will be subject to a new governance vote, preventing indefinite dormancy.