Attackers drained liquidity from WUSD.fi’s GLOVE pools on Ethereum in a DeFi exploit, with security researcher ExVul estimating roughly $200,000 in total pool damage. Blockchain security firm ExVul first reported the incident, saying the attackers targeted the protocol’s reward system rather than its main treasury. As a result, liquidity providers took the losses while the core reserves remained untouched.
ExVul said the attackers exploited a faulty reward function known as WUSD._englove, which did not have proper safeguards against abuse. Each wallet that wrapped at least 100 WUSD received GLOVE token rewards, which attackers repeatedly collected using multiple wallets.
They also used EIP-7702 helper contracts and a Morpho USDT flash loan to repeat the process at scale. The stolen tokens were then sold into Uniswap V3 pools, draining about 11,702 USDC and 8,079 USDT.
Incentive design flaw triggered liquidity drain
WUSD.fi describes itself as a governance-free stablecoin wrapper that supports fiat-backed assets such as USDC and USDT. Its GLOVE token rewards users for wrapping assets and adding liquidity to pools. The platform also routes fees into token buybacks and liquidity incentives.
However, the reward design exposed a key weakness. Attackers repeatedly created new wallets to farm fresh GLOVE rewards at scale. They then quickly sold the tokens into liquidity pools, draining balances and extracting stablecoins. Arisk Security confirmed the exploit on X, describing it as a “reward mechanism Sybil attack.”
Flash loan attacks continue across DeFi
The WUSD.fi incident adds to a growing wave of flash loan-related exploits across decentralized finance this year. Earlier this month, attackers drained about $140,000 in USDT from INK Finance after targeting a Polygon treasury proxy. Additionally, Scallop Protocol lost roughly $142,000 when attackers exploited an outdated rewards contract on the Sui network.
In February, hackers also targeted SOF and LAXO tokens on BNB Smart Chain, stealing more than $438,000 in total. CertiK said attackers used flash loans to manipulate weak burn logic before draining liquidity pools.
Moreover, even the types of attacks are changing too. Instead of beFor broader scale: Hacken’s Q1 2026 Security & Compliance Report documented 44 separate DeFi security incidents totaling $482 million in losses during the first quarter — confirming that operational vulnerabilities are now driving losses alongside traditional smart-contract bugs. Inefficient governance models, poor key management, and broken incentive schemes are still contributing to the persistent vulnerability of DeFi protocols in 2026.
Also Read: Indian Bank Employee Steals ₹8.7 Cr from RBI Vault for Crypto Investment
