Gnosis Executes Hard Fork to Recover Funds From $116M Balancer Hack

What Did Gnosis Do later than the Balancer Hack?

Operators of the Gnosis Chain carried out a hard fork this week to recover funds linked to the $116 million Balancer exploit disclosed in November. The action followed earlier emergency measures taken by Block confirmers and comes later than weeks of coordination between node operators, developers, and affected protocols.

In a post on X published Tuesday, Gnosis confirmed that the hard fork had been executed and that the affected funds were now “out of the hacker’s control.” While the project did not specify whether the recovery was partial or complete, the statement pointed to a material change in the status of assets previously considered lost.

The hard fork was executed on Monday later than a majority of Block confirmers had already adopted a soft fork in November. That earlier step was taken to contain the damage from the exploit, which targeted Balancer-managed contracts deployed on Gnosis Chain.

Investor Takeaway

How Did the Balancer Exploit Unfold?

On Nov. 3, Balancer disclosed that its had been exploited, with losses exceeding $116 million. Onchain data later showed that the attacker moved ether into newly created wallets, complicating recovery efforts.

Balancer later said that white and internal rescue efforts managed to retrieve roughly $28 million of the stolen assets. Even so, the majority of funds appeared to remain inaccessible, prompting continued discussions among developers and infrastructure providers about extraordinary recovery measures.

The exploit affected a subset of Balancer’s deployment, specifically V2 Composable Stable Pools. According to the project, the vulnerability was isolated to that pool design rather than the broader protocol.

Why Did Gnosis Choose a Hard Fork?

Hard forks are among the most extreme tools available to blockchain communities, as they alter the chain’s state and require broad Block confirmer coordination. In this case, Gnosis had already viewn Block confirmer support for intervention through the earlier soft fork, creating a path toward a more decisive action.

Philippe Schommers, head of infrastructure at Gnosis, addressed the recovery effort in a Dec. 12 forum post. He said discussions were still underway around how affected users would claim recovered funds and how contributors involved in the rescue effort might be recognized or compensated.

“Right now we’re focused on enabling funds to be recovered by Christmas,” Schommers wrote. He added that once the , the community would determine the next steps.

The emphasis on DAO custody suggests that, while the chain-level intervention moved assets away from the attacker, governance decisions around distribution and compensation remain unresolved.

Investor Takeaway

What Does This Say About DeFi Security?

The Balancer exploit has reignited scrutiny around the limits of . Public records show that Balancer V2 underwent 11 audits conducted by four separate security firms. Despite that review history, the exploit still occurred.

The incident adds to a growing list of attacks that bypass formal audits by targeting edge cases in contract logic rather than obvious coding errors. It also highlights how interconnected DeFi deployments can spread risk across chains, drawing infrastructure providers like Gnosis into incident response.

For Gnosis, the fork sets a precedent that may influence future governance decisions when exploits affect critical infrastructure. For DeFi users, it reinforces that even well-audited systems carry tail risk, and that recovery paths can extend beyond the protocol itself.

Whether the hard fork leads to full restitution remains to be viewn. What is clear is that the response to the Balancer exploit has moved from protocol-level fixes to chain-level intervention, raising new questions about decentralization, governance, and responsibility in times of crisis.