The hacker behind the massive Balancer DeFi breach is swiftly converting the stolen assets into Ethereum, while Stakewise has recovered part of the stolen tokens.
The Balancer DeFi protocol remains in crisis following a large-scale exploit that drained more than $116.6 million in digital assets.
According to the on-chain analytics platform Lookonchain, the attacker has initiated the conversion of the stolen tokens into Ethereum (ETH).
Earlier reports indicated that most of the stolen funds, around $99.5 million, accounting for 85% of the total loss, came from the Ethereum network. The hackers dispersed the remaining assets across multiple other blockchains, moving substantial amounts to each.
Among them, they allocated $7.9 million to Arbitrum, $3.9 million to Base, and $3.4 million to Sonic, highlighting the largest allocations. Meanwhile, OP Mainnet secured $1.5 million, and Polygon received $231,000, representing the smaller end of the distribution.
Breakdown of the Stolen Tokens
The attacker exploited a variety of crypto assets, including tokens that can be easily traded and those tied up in staking contracts. Among the impacted assets were Lido’s stETH, Frax, Rocket Pool’s rETH, and tokens held in Balancer V2 pools.
Moreover, blockchain explorer Etherscan highlighted key transactions linked to the breach. These include the movement of 6,851 osETH, 4,259 wstETH, and 6,587 WETH from Balancer Vault to an address now tagged as “Balancer Exploiter 2.”
Stakewise DAO Executes Swift Recovery
In a coordinated response, Stakewise DAO, an Ethereum liquid staking protocol, executed a series of recovery transactions. Its emergency multisig team successfully reclaimed 5,041 osETH, valued at approximately $19.3 million, from the exploiter’s wallet. In addition, they recovered 13,495 osGNO, worth around $1.7 million, thereby securing a substantial portion of the misappropriated assets.
This recovery represents about 73.5% of the osETH stolen, while the osGNO tokens were fully retrieved. Stakewise confirmed these figures in a public statement following the exploit.
Stakewise clarified that the remainder of the stolen osETH could not be recovered. The reason was that the attacker had quickly converted it into ETH. This rapid movement of funds prevented the on-chain recovery of the missing portion.
Just half an hour earlier, StakeWise DAO emergency multisig has executed a series of transactions, recovering ~5,041 osETH (~$19M) and 13,495 osGNO (~$1.7M) tokens from the Balancer exploiter.
On Ethereum mainnet, this represents 73.5% of the ~6,851 osETH stolen earlier today,… pic.twitter.com/b43EGf92hm
— StakeWise (@stakewise_io) November 3, 2025
Compensation and Next Steps
Stakewise stated that recovered funds will be returned to affected users of the Balancer V2 pools. Compensation will be distributed pro rata, based on user balances before the exploit occurred.
The project team also confirmed that they will soon release a detailed post-mortem report outlining the recovery process and future preventive measures.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
USDC 
Solana 
TRON 
Lido Staked Ether 
Dogecoin 