Following the Balancer exploit, roughly $128M in assets were drained across multiple chains, including about $9.4M on Gnosis Chain. The specifics are still under investigation but it was unequivocally a malicious exploit.
We immediately took what action was possible, coordinating with affected issuers and infrastructure operators to minimize impact. Monerium froze the compromised EURe balances, and a similar measure was explored with Stakewise for osGNO, together protecting over €3M in value. The remaining assets were still held as Balancer V2 account balances and bridge governors temporarily halted bridge activity to provide time for further analysis and coordination.
The robust decentralization of our network means that unilateral action is impossible. However, our network of ~340,000 validators, including the large number of smaller independent validators who form the backbone of Gnosis Chain, do have limited options. These include doing nothing, or executing a hard or soft fork.
Our goal remains to get to a point where censorship - even at the validator level - is impossible. But, since validators do still have an ability to act, the question is how we use it. To stand aside because power can be abused or to act responsibly while we can?
A hard fork would require all ~340,000 validators to upgrade almost immediately, disrupting consensus and burdening operators. Anyone who failed to upgrade in time, typically smaller independent validators who are not online 24/7, would be penalized for remaining on the “wrong” fork. While they could be compensated after the fact, this would be sub-optimal.
By contrast, a soft fork allows validators to voluntarily adopt a client that simply refuses to attest to blocks moving the hacker’s balances. This avoids network disruption, respects validator autonomy, and provides time to coordinate a broader response.
In our view, a hack of this magnitude warrants community coordination and a validator vote. The process had to be handled with utmost discretion to avoid alerting the attacker but, with over 50% of validators in favor of a soft fork, this has now been implemented. While the stolen funds are now frozen and cannot be accessed by the hacker, redistributing them to their rightful owners will require a hard fork in the future. This can be included in a regular scheduled network update and will be communicated publicly ahead of time.
It is our opinion that exercising this collective power transparently, to protect users, is part of our responsibility, even as we work toward a future where no one has that power at all.
Now that the threat has been neutralized, bridges will reopen.