Fluid lost $215K after one attacker controlled both reward distribution keys, draining tokens via fake Merkle roots and routing the proceeds to Tornado Cash.
The reward tokens were already gone. On May 27, an attacker who held both of Fluid's operational signing keys pushed a fake reward list to the protocol's Merkle distributors on Ethereum, Base, and Arbitrum.
Fluid, the Ethereum-based DeFi protocol, uses a two-step system for distributing rewards: one key proposes a Merkle root and a second key approves it. As BlackHartInc on X reported, both of these roles were held by a single actor. The two-person control meant nothing once one person held both keys.
One Person, Two Keys, Zero Resistance
The proposer key submitted a self-serving root to the FLUID distributor at 21:11:11 UTC. Twelve seconds later, the same attacker approved it using the approver key. Twenty-four seconds after the initial proposal, a claim went through using an empty Merkle proof.
That empty proof was not a bug. A single-entry reward list produces a root equal to its only leaf, so no proof path is required: the verifier hashes nothing and simply checks that the leaf equals the root. The contract verified it correctly. Nothing in the smart contract broke. Per forensic analysis by BlackHart, the entire failure was operational key custody.
The same propose-approve-claim cycle then ran against the GHO distributor at 21:13:59 UTC and against a third distributor, for a small cbBTC amount, hours later. Across all three chains, the attacker walked away with roughly 125,109 FLUID and 51,946 GHO, plus a trace amount of cbBTC.
What Actually Left the Protocol, and What Did Not
Fluid's lending markets, vaults, and DEX liquidity were never in scope for these keys. The drained contracts were reward distributors only. 0xfluid on X confirmed that the core protocol smart contracts remained unaffected and that user funds were not at risk from the incident.
The stolen FLUID and GHO were swapped for roughly 103 ether through the MetaMask swap router. About 142.6 ETH ended up in Tornado Cash, routed partly through relay wallets and partly by direct deposit. L2 proceeds from Base and Arbitrum were bridged back to Ethereum before mixing.
A large withdrawal of somewhere between $70 and $110 million from Fluid in the days that followed was not a second exploit. That was depositors pulling their own funds, a confidence-driven bank run. Unrelated to the theft itself, though not exactly unrelated to the disclosure timing.
The Cleanup, and What Was Not Said
About ten hours after the first theft, on May 28 at 07:05 UTC, the Fluid team removed the compromised proposer and approver roles from ten reward distributors in a single batched transaction. Around 314,000 FLUID and 7,400 USDC of remaining reward balances were moved to a safe address.
Public communications from the team described only a pause on reward claiming for updates. No mention of a key compromise. No mention of a loss. The exploit itself surfaced publicly on May 31, four days after it occurred, by which point one lender had already pulled $77 million in USDC, starting May 28.
Pablo Veyrat, co-founder of Merkl, addressed the episode on X. Speaking about his own protocol's design choices, Veyrat noted that Merkl runs three independent dispute bots on fully separate infrastructure, each verifying new Merkle trees before a root becomes effective, with a minimum one-hour delay between a new root being posted and any claims going through against it.
Why a Timelock Changes Everything Here
The entire exploit ran in under 24 seconds from proposal to claim. That speed was only possible because no delay existed between root approval and payout. Admin key exploits have hit DeFi repeatedly this year, and the pattern keeps coming back to the same gap: privileged keys with no friction between access and action. A delay does not stop a compromised key from approving a bad root, but it does give an independent watcher time to dispute it before anything can be claimed.
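The two mechanics above, the empty-proof claim against a one-entry root and the difference a timelock and a per-root cap make to the 24-second timeline, as a runnable model. This is an added example and not Fluid's or Merkl's code: sha256 stands in for keccak256, the leaf encoding and the `Distributor` class are made up, and the attacker address, timestamps and dispute-bot behaviour are constructed for illustration. Only the 125,109 FLUID amount and the t+0 / t+12 / t+24 timing come from the text.

```python
"""Toy propose/approve/claim Merkle reward distributor.

Added example, not Fluid's or Merkl's code. It reproduces two points from the
text: a one-entry reward list has a Merkle root equal to its only leaf, so an
empty proof verifies; and a delay between approval and claimability turns a
24-second propose/approve/claim run into a window in which the root can be
disputed. Assumptions: sha256 stands in for keccak256, the leaf encoding is
made up, and the addresses and timestamps are constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # stand-in for keccak256


def leaf(account: str, amount: int) -> bytes:
    # Constructed leaf encoding: hash(account || amount as 32-byte big-endian).
    return h(account.encode() + amount.to_bytes(32, "big"))


def hash_pair(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing (OpenZeppelin MerkleProof convention): the proof is
    # just the sibling hashes, no left/right flags.
    return h(a + b) if a < b else h(b + a)


def root_and_proof(leaves: list[bytes], index: int = 0) -> tuple[bytes, list[bytes]]:
    """Merkle root of `leaves` plus the sibling path for leaves[index]."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        proof.append(level[index ^ 1])  # sibling at this level
        level = [hash_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof  # a one-entry list never loops: root == leaf, proof == []


def verify(root: bytes, lf: bytes, proof: list[bytes]) -> bool:
    node = lf
    for sibling in proof:
        node = hash_pair(node, sibling)
    return node == root  # with an empty proof this reduces to lf == root


@dataclass
class Distributor:
    """Two-key distributor; delay=0 with no cap is the setup the text describes."""
    delay: int             # seconds between approval and the first claim
    cap_per_root: int      # velocity cap: total one approved root may release
    proposed: bytes | None = None
    root: bytes | None = None
    active_at: int = 0
    paid: int = 0
    claimed: set[str] = field(default_factory=set)

    def propose(self, root: bytes, now: int) -> None:  # proposer key
        self.proposed = root

    def approve(self, root: bytes, now: int) -> None:  # approver key
        if root != self.proposed:
            raise ValueError("approve: root was never proposed")
        self.root, self.active_at, self.paid, self.claimed = root, now + self.delay, 0, set()

    def dispute(self, now: int) -> bool:
        # Any watcher (a Merkl-style dispute bot) may void a root before it activates.
        if self.root is not None and now < self.active_at:
            self.root = None
            return True
        return False

    def claim(self, account: str, amount: int, proof: list[bytes], now: int) -> bool:
        if self.root is None or now < self.active_at:
            return False  # root disputed, or timelock not yet elapsed
        if account in self.claimed or not verify(self.root, leaf(account, amount), proof):
            return False
        if self.paid + amount > self.cap_per_root:
            return False  # velocity cap would be exceeded
        self.paid += amount
        self.claimed.add(account)
        return True


def replay_attack(delay: int, cap_per_root: int, claim_at: int = 24,
                  dispute_at: int | None = None) -> bool:
    """Re-run the text's timeline (propose t+0, approve t+12, claim t+24, empty proof)."""
    d = Distributor(delay, cap_per_root)
    attacker, amount = "0xattacker", 125_109  # constructed address; FLUID amount from the text
    bad_root, proof = root_and_proof([leaf(attacker, amount)])  # one entry: root == leaf
    d.propose(bad_root, 0)
    d.approve(bad_root, 12)
    if dispute_at is not None:
        d.dispute(dispute_at)
    return d.claim(attacker, amount, proof, claim_at)  # proof is [] here
```

`replay_attack(0, 10**9)` pays the attacker, which is the configuration in the text. With a one-hour delay the same three transactions leave a root that cannot be claimed until t+3612, and a single `dispute()` call from any watcher in that window voids it; a cap per root bounds the loss even when no one disputes.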
BlackHart's analysis had flagged operational security as the single weakest scoring area in its pre-hack evaluation of Fluid. The exact failure mode, two keys that could be turned into a payout without an independent custodian or a waiting period, was already what that score was warning about. Operational key compromises are not new to 2026, but the Fluid case adds a specific wrinkle: the two-key design looked like a safeguard until both keys were held by one person.
The attacker's wallet, 0x4925120c…1d3dfb, claimed across chains within roughly the same minute. No velocity cap bounded what a single cycle could release. No real-time alerting caught the abnormal activity until hours later.
