What happened?
Balancer’s V2 Composable Stable Pools were exploited in a major breach that moved over $128 million across chains. StakeWise later recovered 5,041 osETH (about $19.3M), reducing the hacker’s take from roughly $117M to $98M as much of the loot was converted into ETH. Investigators say the attacker abused improper authorization and callback handling in smart-contract interactions and laundered funds through mixers and swaps.
Who does this affect?
Directly affected are Balancer V2 liquidity providers and users of the Composable Stable Pools, plus holders of tokens like osETH, wstETH and WETH that were drained. StakeWise and other liquid-staking services are involved in recovery efforts and face reputational fallout, while Balancer V3 and other unaffected pools may still suffer from lost trust. Large holders reacted quickly — a dormant whale withdrew $6.5M — and broader DeFi users now face higher counterparty and smart-contract risk.
Why does this matter?
The hack slashed Balancer’s TVL from $442M to about $214.5M in under a day, showing how quickly capital can flee after a security incident. That sudden outflow and the conversion of stolen liquid-staked tokens into ETH can increase selling pressure on related assets, raise insurance and borrowing costs, and tighten liquidity across DeFi. Overall it erodes investor confidence and is likely to reduce participation in composable DeFi products until fixes, audits, and clearer recovery outcomes restore trust.