PANews|Jun 01, 2026 09:25
[Fluid Reward Contract Exploited, Resulting in Approximately $215,000 Loss]
According to BlackHart, the DeFi project Fluid's reward distribution mechanism on Ethereum was exploited, leading to the transfer of approximately $215,000 in assets. Fluid utilizes a Merkle reward list mechanism initiated by one key and approved by another. The attacker gained control of both operational private keys, submitted a reward list that only distributed rewards to themselves, and approved it, subsequently using a null proof to claim the rewards.
The stolen assets came from three reward distributors, including 112,883 FLUID tokens, 47,903 GHO tokens, and a small amount of cbBTC, which were later converted to ETH and transferred via Tornado Cash. Fluid's lending market, treasury, DEX, and user deposits were unaffected. The team replaced the compromised keys and transferred the remaining reward funds within approximately 10 hours. However, the public statement only mentioned a pause in reward updates, without disclosing details about the private key compromise or the losses incurred.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink