A DeFi platform called WUSD.fi suffered an attack where hackers stole funds from its GLOVE pools on Ethereum, causing around $200,000 in losses, according to security researcher ExVul. ExVul, who first identified the problem, explained that the attackers focused on the system that distributes rewards, not the main funds held by the platform. This meant that the people who provided funds to the platform – the liquidity providers – lost money, while the platform’s main reserves were safe.
According to ExVul, the attackers took advantage of a flaw in a system called WUSD._englove. This system didn’t have enough security to prevent abuse. It worked by giving out GLOVE tokens to wallets that converted at least 100 WUSD, and the attackers exploited this by repeatedly claiming the rewards with many different wallets.
Important Security Notice: /GLOVE Incentive Abuse
On May 25, 2026, a security issue occurred with /GLOVE on Ethereum, leading to the theft of approximately $200,000 worth of USDC and USDT from its liquidity pools.
🔎 What Happened
The problem stemmed from…— ExVul (@exvulsec) May 25, 2026
To carry out the attack repeatedly and on a larger scale, the attackers utilized EIP-7702 helper contracts and a flash loan from Morpho USDT. They then sold the stolen tokens on Uniswap V3, resulting in a loss of approximately 11,702 USDC and 8,079 USDT.
Incentive design flaw triggered liquidity drain
WUSD.fi is a platform for a special kind of stablecoin – one that doesn’t require central control. It lets you use popular stablecoins like USDC and USDT in a new way. Users earn GLOVE tokens by adding their stablecoins to the platform and providing liquidity. These tokens, and fees generated by the platform, are then used to buy back tokens and further reward users.
The way rewards were set up had a major flaw. Hackers exploited this by constantly making new digital wallets to collect large amounts of GLOVE tokens. They then immediately sold these tokens, emptying the available funds and stealing stablecoins. Arisk Security identified this as a “reward mechanism Sybil attack” on X (formerly Twitter).
🚨 Security Alert: Arisk 🚨
⚠️ The GLOVE project has been targeted by a bonding curve exploit on Ethereum.Attackers exploited a flaw in the project’s reward system to farm a large amount of GLOVE tokens, then sold them on the Uniswap V3 liquidity pool, significantly draining its funds.
The current estimated loss is around $200,000.
Transaction hash: …
— Arisk 中文 (@Arisk_io) May 25, 2026
Flash loan attacks continue across DeFi
The recent security issue at WUSD.fi is part of a larger trend of attacks using flash loans in the decentralized finance (DeFi) space this year. Just earlier this month, INK Finance lost around $140,000 in USDT due to an attack targeting its Polygon treasury. Similarly, Scallop Protocol suffered about $142,000 in losses when attackers took advantage of an old rewards system on the Sui network.
In February, hackers stole over $438,000 worth of SOF and LAXO tokens on the BNB Smart Chain. According to CertiK, the attackers exploited a vulnerability in how the tokens were burned by using flash loans to manipulate the system and then drain funds from liquidity pools.
The nature of attacks is also evolving. Hacken’s report for the first quarter of 2026 shows that DeFi platforms suffered 44 security breaches, resulting in $482 million in losses. The report highlights that issues with how these platforms are run – like weak governance, poor key management, and flawed reward systems – are now causing as much damage as problems with the code itself. These operational weaknesses continue to make DeFi protocols vulnerable in 2026.
Read More
- Pi Hotel Vietnam: First to Accept Pi Coin Payments in Real-World Transactions
- TAO PREDICTION. TAO cryptocurrency
- USD TRY PREDICTION
- Brent Oil Forecast
- Silver Rate Forecast
- EUR CLP PREDICTION
- IP/USD
- EUR CNY PREDICTION
- PI PREDICTION. PI cryptocurrency
- JPY KRW PREDICTION
2026-05-25 14:06