Gnosis deploys protocol upgrade to recover compromised assets after security incident

In November 2025, the Gnosis network faced a crisis when a vulnerability in the Balancer protocol was exploited, resulting in a massive theft of funds. In response to this critical situation, Gnosis chose to implement a consensus upgrade to invalidate malicious transfers and secure the assets in a safe vault.

Scope of the incident

The initial attack was devastating: over $116 million was stolen. However, the security community played a crucial role when white-hat hackers managed to recover an additional $28 million, significantly reducing the final impact of the incident.

Path to the solution: soft fork versus hard fork

Gnosis initially evaluated a soft fork in early November as the first containment measure. However, after assessing community support and the magnitude of the problem, the developers determined that a more in-depth intervention was necessary. The hard fork was executed once the majority backing of validators and stakeholders was secured.

Next steps in governance

The implementation of the hard fork is just the first step. It is now up to the community to decide how to allocate the recovered funds and establish compensation mechanisms for affected collaborators. This distributed governance process strengthens the network’s ability to respond to security crises collectively.