Key Highlights
- About 13.7 billion SWEAT tokens were drained from Sweat Economy foundation accounts in under 30 seconds.
- The attacker moved funds through Ref Finance and cross-chain bridges, spreading assets across wallets and chains to hide tracking.
Sweat Economy, a “move-to-earn” crypto project built on the NEAR Protocol, has been hit by a major exploit on Wednesday.
In a post on X today, blockchain security firm Blockaid reported that approximately 13 billion SWEAT tokens, worth about $2.63 million at current prices, were drained from several foundation accounts in a very short period.
How the attack happened
According to Blockaid, the exploit happened about 13:36 UTC and took about 30 seconds for the accounts to be emptied to zero. The attacker reportedly used a wallet address with the tag “3be304b” to move the funds.
In total, about 13.71 billion SWEAT tokens were stolen, which is about 67% of the total token supply. The attacker appeared to have quietly moved the funds through Ref Finance, a decentralized exchange, and also through cross-chain bridges like Wormhole/Portal Bridge.
These bridges are used to move assets between blockchains, which makes it harder to track.
Blockaid later estimated that the attacker controlled approximately 17.71 billion SWEAT tokens in total, valued at around $3.46 million at the time. The funds were distributed across multiple wallets: roughly $2.68 million remained in a primary address, about $761,000 was moved further along the transaction path, and around $20,000 had already been swapped into NEAR and USDC.
Independent investigator SomaXBT also confirmed the exploit, estimating total losses closer to $2.5 million. As of the time of writing, the Sweat Foundation had not issued an official public statement or disclosed a fix to the exploit.
Rising crypto exploits
The incident adds to a growing list of security breaches within the NEAR ecosystem. Earlier this month, Rhea Finance, a lending protocol, was hacked, resulting in losses exceeding $18.4 million.
In that case, the attacker reportedly created fake token contracts and added liquidity into newly created or “fresh” pools inside the system. This setup likely confused the platform’s oracle and validation systems, which are used to check if prices and transactions are real. Because of this, the attacker was able to trick the system into approving fake activity and then withdraw real assets.
Elsewhere in DeFi this year, Drift Protocol saw a much larger exploit reaching about $270 million in losses. Unlike the Rhea Finance incident, that attack was linked to compromised access controls rather than direct smart contract manipulation.
The latest exploit highlights ongoing security challenges in decentralized finance, particularly as attackers increasingly use cross-chain tools to obscure fund movements.
With multiple high-profile incidents occurring in recent months, concerns are growing around protocol security, risk management, and user protection across emerging blockchain ecosystems.
Also Read: Pi Coin Slips After Testing 200-Day Moving Average
