The DeFi project Fluid on Ethereum suffered a security breach, resulting in the theft of approximately $215,000. The attack targeted Fluid's reward distribution mechanism, which uses a Merkle reward list requiring two private keys for operation. The attacker managed to obtain both keys, allowing them to submit and approve a reward list that directed funds solely to themselves. The stolen assets included 112,883 FLUID, 47,903 GHO, and a small amount of cbBTC, which were converted to ETH and laundered through Tornado Cash.
Fluid's core systems, including its lending market, vault, DEX, and user deposits, remained secure. The team responded by replacing the compromised key and securing the remaining funds within 10 hours. However, their public statement only noted a temporary suspension of reward claims, omitting details about the key compromise and the financial loss.
Fluid DeFi Contract Exploited, $215,000 Stolen
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.