Balancer Offers Last Chance to Return $100M+ Stolen in Hack


Balancer DAO Sends Onchain Ultimatum After $100M Exploit
DAO Warns Attacker to Return Funds
The Balancer Decentralized Autonomous Organization (DAO) issued an onchain ultimatum to the wallet holder behind a security breach that drained more than $100 million in digital assets from the decentralized platform’s smart contracts earlier this week.
In a post on X, Balancer published the message it sent to the address linked to the exploit of its V2 Composable Stable Pools. The DAO gave the individual or group until Saturday to return the assets in exchange for a bounty, or face what it called “technical, onchain, and legal measures.”
“We understand that affected users are awaiting further updates,” Balancer said. “We will continue to provide information as the investigation progresses.” No response had been received from the attacker by late Friday.
Details of the Exploit
The incident, first disclosed on Monday, involved the theft of multiple types of staked Ether (ETH) including StakeWise Staked ETH (OSETH), Wrapped Ether (WETH), and Lido wstETH (wSTETH). The assets were moved to a newly created wallet shortly before Balancer suspended affected pools.
Blockchain data reviewed by security firms showed more than $100 million worth of assets had been drained. The scale of the attack renewed scrutiny of Balancer’s smart contract audits after reports confirmed that four security firms had reviewed the contracts involved.
According to a post-mortem report published Wednesday, the attackers exploited a flaw in the platform’s BatchSwap mechanism and a rounding issue affecting EXACT_OUT swaps in Balancer’s v2 Stable Pools and Composable Stable v5 Pools. The combination of these vulnerabilities allowed them to manipulate pool balances and withdraw collateral far exceeding their deposits.
Response and Recovery Efforts
Balancer’s community and security teams have since been working to trace the movement of the funds and identify potential off-ramps. Onchain analysts said the attacker used multiple intermediary wallets to disperse the stolen Ether, complicating efforts to freeze or recover it.
The DAO’s onchain message did not disclose the bounty amount, but Balancer previously said it was prepared to offer up to 20% of the stolen assets—a reward worth more than $20 million—if the funds were returned voluntarily. As of Friday evening, there were no signs that the attacker had responded to the proposal or moved the funds back.
Balancer’s response mirrors tactics used in other major DeFi exploits, where protocols publish messages directly onchain to open communication with the attacker, offering incentives for partial recovery. Such negotiations have yielded mixed outcomes across the industry, depending on the attacker’s sophistication and motivations.
Audit Questions and Industry Fallout
The incident has prompted fresh questions about the effectiveness of multi-firm audits in decentralized finance. While Balancer said four separate companies had reviewed its codebase, the exploit suggests the vulnerabilities escaped detection during those assessments. As of publication, one of the auditing firms contacted by Cointelegraph had not provided comment.
Balancer’s exploit follows a string of high-value DeFi breaches in 2025, including attacks on Curve Finance and Manta Network earlier this year. Analysts say the incident may pressure platforms and liquidity protocols to increase bug bounty allocations and strengthen real-time transaction monitoring to prevent cascading losses.







