Berachain successfully recovers $12.8 million in stolen funds, compensating over 1,000 affected users

The Berachain Foundation has confirmed the successful recovery of the $12.8 million stolen in the November 3 Balancer V2 vulnerability attack. This incident is one of the largest DeFi attacks in 2025 to date, but the Berachain team, through collaboration with white-hat hackers, ultimately achieved full restitution of the funds. This rare case not only restored user assets but also reignited industry discussions on DeFi security and composability architecture.

Berachain Announces Recovered Assets and Network Fully Restored

On the evening of November 4, the Berachain Foundation posted an announcement on X (formerly Twitter) stating that all funds stolen from its BEX pool have been transferred back to the foundation’s deployment wallet.

This means that within just 24 hours, Berachain completed the entire process from vulnerability discovery, emergency network shutdown, asset tracking, to fund recovery.

The official stated that the recovery was accomplished in cooperation with a white-hat hacker. The white-hat hacker proactively contacted the foundation after exploiting the vulnerability and returned all assets. Berachain also indicated that it is considering issuing a bounty as a token of appreciation and has restored key functions, including HONEY minting and redemption.

Incident Overview: Balancer V2 Vulnerability Causes $128 Million Cross-Chain Loss

The attack originated from the Composable Stable Pools module of the Balancer V2 protocol on November 3. The attacker exploited a precision error vulnerability in the manageUserBalance function, stealing approximately $128 million worth of assets from multiple protocols across different chains.

Affected networks include Ethereum, Arbitrum, Base, Optimism, Polygon, Sonic, and Berachain’s main ecosystem. Over half of the stolen funds were quickly exchanged into ETH.

Balancer promptly entered “recovery mode” and offered a 20% white-hat bounty (about $25.6 million), demanding the attacker return the funds within 48 hours. Despite Balancer’s treasury system having undergone nine audits, this incident exposed the potential security limits of DeFi composability under complex interactions.

Berachain’s Emergency Response: Hard Fork to Freeze Assets

Berachain is a Layer-1 network based on the Cosmos ecosystem that uses Proof-of-Liquidity consensus mechanism. Its decentralized exchange (DEX), BEX, is a fork of Balancer, and thus was affected by this vulnerability.

Within hours of the attack, the Berachain validators team took immediate action:

• Paused all Swap, deposit, and withdrawal functions to prevent further losses;
• Executed an Emergency Hard Fork to freeze the attacker’s assets;
• Negotiated with MEV (Maximum Extractable Value) operators;
• Ultimately, achieved full asset recovery through white-hat cooperation.

This is one of the few cases of DeFi protocols achieving “full recovery” after a large-scale attack, highlighting the responsiveness and community collaboration capabilities of the Berachain team.

User Compensation and Community Confidence Restoration

The Berachain Foundation stated that over 1,000 affected users will be compensated through a newly established Redistribution System, with funds allocated based on their original wallet addresses and deposit records. Additionally, other affected platforms like StakeWise successfully recovered approximately $20 million in assets, demonstrating increased maturity in the DeFi ecosystem’s crisis response.

Following the announcement, the native token BERA of Berachain experienced a short-term decline of 10% but quickly rebounded, indicating renewed market confidence in the project’s resilience.

Industry Analysis: Challenges to DeFi Composability and Auditing Systems

Although Berachain’s funds have been fully recovered, the incident revealed vulnerabilities in DeFi’s composability architecture. “Composability” refers to the ability of different DeFi protocols to call and stack each other to create innovative financial functions. However, this openness also means a single underlying vulnerability can affect multiple ecosystems.

Despite Balancer having undergone audits by multiple security firms, the vulnerability was still overlooked, illustrating that current auditing models may have blind spots under complex multi-chain interactions. Moving forward, the industry may need to incorporate formal verification, real-time monitoring, and cross-protocol security standards to enhance overall defenses.

Conclusion

Berachain’s successful recovery of $12.8 million marks one of the most proactive security recovery cases in DeFi in 2025.

In a crypto world plagued by trust crises, this event sends a new signal: rapid response, white-hat collaboration, and transparent handling remain key to rebuilding trust.

For investors, this case also serves as a reminder: DeFi holds enormous innovative potential, but risk management and security mechanisms are equally crucial for the ecosystem’s sustainable future.