Balancer makes last appeal to hacker behind $100M+ exploit

The Balancer DAO just dropped an onchain ultimatum to the hacker who swiped over $100M in staked ETH this week. They've got until Saturday to return the funds for a bounty, or face the full wrath of technical, onchain, and legal measures.

Balancer posted the message on X Friday, giving the hacker a final chance to come clean. The platform promised to keep affected users updated as the investigation continues.

The exploit went down Monday, draining more than $100M worth of staked ETH including OSETH, WETH, and wSTETH into a fresh wallet. This massive heist put Balancer's smart contract audits under the microscope—four security firms had reviewed them before this went down.

According to Wednesday's post-mortem, the hackers used a slick combo of BatchSwaps and the upscale rounding function affecting EXACT_OUT swaps to exploit Balancer's v2 Stable Pools and Composable Stable v5 pools.

Cointelegraph hit up one of the auditors for comment but got radio silence.

While the onchain message didn't specify the bounty amount, Balancer's team initially offered up to 20% of the stolen funds—that's over $20M for anyone counting. At publication time, nobody had taken the deal.