A recent attack targeting WUSD.fi and GLOVE resulted in approximately $200,000 being stolen from Uniswap V3 liquidity pools on the Ethereum network. The vulnerability that allowed this attack wasn’t detected by any security audits.
As a researcher, I’ve been looking into a recent incident where an attacker exploited a vulnerability, not in the code itself, but in how a protocol distributed rewards. On May 25th, someone managed to drain around $200,000 from two Uniswap V3 pools connected to the WUSD.fi and GLOVE protocols on Ethereum. It wasn’t a traditional hack; the system simply didn’t verify *who* was receiving the rewards, creating an opportunity for exploitation.
As a security analyst, I’ve been tracking a recent exploit. A researcher named exvulsec flagged it on X, detailing the entire transaction history on the blockchain. It appears the attacker utilized a flash loan to quickly acquire funds, created a series of new wallets to obscure their activity, and then rapidly sold the stolen GLOVE tokens into liquidity pools before the incident was detected.
The Mechanic Nobody Stress-Tested
A function within the WUSD.fi contract, called WUSD._englove, had a vulnerability. Security researcher exvulsec reported on X that new wallets could receive up to 2 GLOVE tokens simply by wrapping at least 100 WUSD while holding less than 2 GLOVE. The process imposed no identity check or limit of any kind.
The attacker used EIP-7702 contracts and quickly borrowed a large sum of USDT through Morpho. They then repeatedly wrapped and unwrapped assets using new, temporary wallet addresses. Because each new address met the requirements, the contract kept issuing more GLOVE.
The GLOVE tokens were then sold directly on Uniswap V3, resulting in losses for those holding GLOVE-USDC and GLOVE-USDT. The GLOVE-USDC pool lost $11,702 worth of USDC, and the GLOVE-USDT pool lost $8,079 worth of USDT, as confirmed by Etherscan at the time this was reported.
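The rule described in this section can be modelled in a few lines to show the property an economic review would test: with capital held fixed, total emission should not grow with the number of addresses. This is an added example, not code from WUSD.fi or from the researchers cited; the class names, the top-up behaviour and the shared epoch budget used as a mitigation are assumptions.

```python
# Constructed model of the reward rule as the article describes it.
# Not the WUSD.fi contract; names and the top-up behaviour are assumptions.
MIN_WRAP = 100   # WUSD wrapped to qualify (figure from the article)
REWARD_CAP = 2   # GLOVE ceiling per address (figure from the article)


class PerAddressRule:
    """Eligibility looks only at the caller's own GLOVE balance."""

    def __init__(self):
        self.glove = {}   # address -> GLOVE held
        self.minted = 0   # total GLOVE emitted

    def allowance(self, wanted):
        return wanted     # no global limit on emission

    def wrap(self, addr, amount):
        held = self.glove.get(addr, 0)
        if amount < MIN_WRAP or held >= REWARD_CAP:
            return 0
        reward = self.allowance(REWARD_CAP - held)
        self.glove[addr] = held + reward
        self.minted += reward
        return reward


class EpochBudgetRule(PerAddressRule):
    """Hypothetical mitigation: one emission budget shared by all callers."""

    def __init__(self, budget):
        super().__init__()
        self.budget = budget

    def allowance(self, wanted):
        granted = min(wanted, self.budget)
        self.budget -= granted
        return granted


def emitted(rule, capital, n_addresses):
    """Wrap the same capital once from each of n fresh addresses.

    Unwrapping returns the capital, so it is reused for every address.
    """
    for i in range(n_addresses):
        rule.wrap(f"addr-{i}", capital)
    return rule.minted


def emission_bounded(make_rule, capital, bound):
    """Audit invariant: emission for fixed capital must not grow with address count."""
    return all(emitted(make_rule(), capital, n) <= bound for n in (1, 10, 1000))
```

Under the per-address rule the invariant fails because emission scales linearly with address count while the capital at risk stays constant; under the shared budget it holds for any number of addresses.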
What the Community Clocked
SecureAI explained on X (formerly Twitter) that the problem wasn’t with the smart contract’s code, but with how rewards were structured. Traditional security audits focus on checking the code’s logic, but they often fail to thoroughly test how attackers might exploit the system’s economic incentives.
A crypto account on X, called aegixe_cn, identified the incident as another instance of someone exploiting a flaw in a system’s rules, and cautioned users to fully understand how a project works before investing. This warning feels particularly relevant after $200,000 was drained from liquidity pools. This year has seen a growing number of security breaches in decentralized finance (DeFi), with May experiencing several incidents affecting Ethereum-based projects.
The attack wasn’t complex – it didn’t involve manipulating price feeds or exploiting reentrancy vulnerabilities. It simply took advantage of a minting function that gave tokens to anyone using a new crypto address. The attack continued as long as new, qualifying addresses appeared, contributing to a larger trend that has cost the DeFi space almost $770 million in 2026, according to official reports.
2026-05-27 01:14