Balancer hack update: StakeWise recovers 73.5% of stolen osETH

StakeWise has taken swift action following a major decentralized finance exploit that sent shockwaves through Balancer and several connected networks this week.

StakeWise has recovered most of the assets stolen in the recent Balancer exploit, marking a rare success in the aftermath of one of the year’s largest decentralized finance attacks.

In a post on X on Nov. 4, the liquid staking platform said its DAO emergency multisig recovered about 5,041 osETH (worth roughly $19 million) and 13,495 osGNO (around $1.7 million) from the Balancer exploiter.

The recovery represents 73.5% of the 6,851 osETH drained in the attack. The remaining 26.5%, worth an estimated $7 million, was quickly converted to ETH by the attacker and could not be retrieved. 

StakeWise said the recovered funds will be returned to affected users on a pro-rata basis according to their pre-exploit balances. A full post-mortem and next steps will be published soon.

Balancer hack drained over $128M across networks

The Balancer hack exploited a flaw in the manageUserBalance function of its V2 Composable Stable Pools, allowing the attacker to withdraw funds without authorization. Because of the vulnerability, it was possible to manipulate internal balances and convert Balancer Pool Tokens into underlying assets like Ethereum.

The attack quickly spread across multiple layer-2 networks, including Arbitrum, Base, Polygon, Optimism, Berachain, and Sonic, which share parts of Balancer’s codebase. Blockchain analytics firms PeckShield and Lookonchain later reported that the total loss surpassed $128 million, compared to initial estimates of roughly $70 million.

The attacker consolidated stolen tokens into several wallets and began converting portions into ETH, raising concerns of laundering through mixers and bridges.

Balancer and partners respond

Balancer quickly paused affected pools and entered “recovery mode.” The team issued an on-chain message offering the attacker a 20% white-hat bounty, worth roughly $25.6 million, for the return of funds within 48 hours. They also warned users of scams impersonating Balancer’s team during the crisis.

Several connected protocols, including Gnosis, Berachain, and Beefy, also halted operations temporarily to contain the impact. The exploit, Balancer’s largest to date, adds to a rising tally of DeFi breaches in 2025.