- Balancer exploiter moves 6,999 ETH after protocol recovers $4.1M.
- StakeWise and partners retrieve assets, reducing net losses to $98M.
- Incident adds to several major 2025 hacks, including Cetus and Bybit.
The individual responsible for the recent Balancer breach has begun transferring and selling part of the stolen assets, marking a new phase in an already complex security incident. Recent blockchain activity indicates that large volumes of ETH have been transferred to new addresses, occurring shortly after Balancer announced it had recovered a portion of the compromised funds.
According to data reviewed by Arkham Intelligence, the attacker moved 6,999 ETH from the original exploit wallet to a separate address. Analysts view the relocation as preparation for asset liquidation, especially since the transaction followed earlier small-scale tests, including a 1 ETH transfer used to verify routing before initiating broader sales.
These transfers emerged days after Balancer confirmed the recovery of $4.1 million linked to a newly identified attack vector. Investigators traced the issue to a flaw involving an upscale function, which allowed the attacker to construct precise swaps generating small but cumulative losses across repeated operations. This method differed from the strategy used in previous breaches targeting the protocol.
In connection with the recent Balancer V2 stable-pool incident, a new value-extraction path was identified in V2 meta-stable pools. In coordination with @CertoraInc and @_SEAL_Org , Balancer team initiated a whitehat recovery around 7PM UTC and has secured ~$4.1M to controlled…
— Balancer (@Balancer) November 12, 2025
Additional Recoveries Reduce Overall Losses
Shortly after Balancer’s disclosure, StakeWise reported that it had reclaimed 19.3 million osETH taken during the same incident. The team executed a targeted smart-contract call that retrieved 5,041 osETH, bringing the estimated net loss down from $117 million to $98 million. These gains enabled several services to resume their normal operations.
Stader Polygon stated that unstaking for its MaticX product had been restored. The pause had been introduced as a precaution to prevent the exploiter from accessing additional liquidity during the ongoing recovery phase.
Breach Adds to a Year Marked by High-Value Crypto Hacks
The Balancer event adds to a growing list of major crypto security incidents recorded in 2025. In May, Cetus Protocol sustained losses of $260 million after investigators linked a wallet holding 12.9 million SUI to the attacker. Funds were moved through USDC, bridged to Ethereum, and later converted to ETH.
Earlier in the year, Bybit encountered a breach involving more than $1.4 billion in digital assets, with a series of ETH withdrawals traced to addresses interacting with the exchange’s wallets. Centralized exchange BigONE also confirmed a $27 million theft after attackers accessed its hot wallet, affecting assets including BTC, ETH, USDT, SHIB, SOL, and DOGE.
Stay informed with daily updates from Blockchain Magazine on Google News. Click here to follow us and mark as favorite: [Blockchain Magazine on Google News].
Disclaimer: Any post shared by a third-party agency are sponsored and Blockchain Magazine has no views on any such posts. The views and opinions expressed in this post are those of the clients and do not necessarily reflect the official policy or position of Blockchain Magazine. The information provided in this post is for informational purposes only and should not be considered as financial, investment, or professional advice. Blockchain Magazine does not endorse or promote any specific products, services, or companies mentioned in this posts. Readers are encouraged to conduct their own research and consult with a qualified professional before making any financial decisions.
About the Author: Peter Mwangi
