Gnosis Chain has successfully executed a governance-approved hard fork to recover approximately $9.4 million in funds stolen during the November Balancer exploit. The hard fork, executed on December 22, followed a ten-day upgrade window for node operators after a proposal was detailed by Gnosis head of infrastructure Philippe Schommers in a December 12 governance forum post.
The funds were originally frozen on the Gnosis Chain via a soft fork approved by validators in November 2025, which targeted assets identified as belonging to the attacker from the broader Balancer hack. Following the hard fork execution, the Gnosis Chain official X account warned all remaining validators to upgrade their nodes to avoid penalties, which could range from loss of staking rewards to potential slashing for prolonged non-participation or disruptive behavior.
The recovery effort is part of the fallout from a massive exploit of the Balancer V2 Protocol, initially reported on November 3, which drained over $116 million (with some reports citing $128 million) in digital assets across multiple chains, including Gnosis. While white hat hackers later recovered about $28 million, the majority of funds remained inaccessible. The exploit was isolated to Balancer's V2 Composable Stable Pools, despite the platform having undergone 11 audits by four different security firms.
Schommers stated the immediate focus is "enabling funds to be recovered by Christmas," after which they will be held in a DAO-controlled wallet while the community determines the process for victims to claim funds and how contributors to the rescue mission will be recognized or compensated.
The decision has sparked a divided reaction within the crypto community. While some praise the transparency and effort to make victims whole, others, like commentator Ignas | DeFi, criticize it as a breach of blockchain immutability and neutrality. He argues it sets a significant precedent, asking, "Do we hard fork for every hack?" and noting that similar interventions occurred on Berachain, Sonic, and Sui networks following major exploits. This move places Gnosis at the center of a broader debate about chain governance and intervention in the wake of major security incidents.
