2 hours ago
857
Berachain Foundation has sent an update on X to its users affected by last week’s exploit. The foundation overseeing the blockchain reported near-total recovery of lost funds and shared its plan for user reimbursements.
The platform halted operations earlier this month to contain the attack and said it will soon launch a claims page allowing depositors to reclaim their assets.
— Berachain Foundation 🐻⛓ (@berachain) November 10, 2025
An exploit and a white-hat recovery
Balancer V2’s Composable Stable Pools exploit, which also affected other chains, with as much as $128 million in losses across various chains, including Berachain’s decentralized exchange, BEX, which runs on a fork of Balancer V2’s codebase, lost around $12 million.
The team responded by pausing all affected vaults and liquidity pools, suspending HONEY minting, and coordinating a network-wide emergency stop among validators.
A white-hat actor that reportedly claimed to be behind the exploit contacted the foundation and offered to return the stolen funds. The hacker pre-signed transactions to return the assets to Berachain’s deployer address upon the chain’s restart, which resumed operations on November 4. The funds had been transferred back to the foundation’s wallet.
Berachain also shared a detailed breakdown that shows the recovered assets: 5.7 million sUSDe, 2.15 million USDe, 3.2 million HONEY, and smaller amounts of wBERA, iBERA, wETH, and beraETH. Excluding minor discrepancies and white-hat-owned tokens that are still being processed, the recovery covers nearly the entire value affected by the exploit.
Refund process and user verification
Berachain shared a multi-tab spreadsheet in the same post on X. The spreadsheet includes affected addresses, token balances, and estimated recoveries across each pool category.
It said that exploited pools would be placed in “emergency withdrawal mode” on Wednesday, November 12, to allow users to withdraw any remaining balances from BEX before claim redemptions begin. The claims page, which will facilitate the redistribution of recovered assets, is currently being reviewed for quality assurance and community.
“To compute how much each user is entitled for redistribution, we identified each user’s percentage ownership of the pool before the exploit,” the team explained. “We then computed each user’s pro rata share of recovered funds based on that percentage and validated the result by cross-checking post-exploit ownership figures.”
“We will keep running checks and collecting feedback regarding the distribution of recovered funds until the final recovery claim is live,” the foundation said, noting that some minor adjustments could occur as verifications continue.
What’s next for Berachain?
Berachain’s coordination with validators and its collaboration with security researchers and service providers such as LayerZero, RedStone, and Pyth can be said to have helped contain potential spillover effects. The chain was offline for roughly 30 hours before it was restarted, with no damage to consensus-layer operations or unrelated dApps, according to Berachain.
Berachain Foundation stated in its post-mortem report that it will integrate Balancer’s forthcoming post-mortem patches, retire the compromised pool types, and conduct external audits before reactivating BEX.
Claim your free seat in an exclusive crypto trading community - limited to 1,000 members.
English (US)