Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
    Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Fluid Protocol Loses 125K FLUID & 51.9K GHO in Key Compromise Attack

Fluid's rewards infrastructure was compromised, allowing an attacker to drain 125K FLUID and 51.9K GHO, swap the assets, route funds through Tornado Cash, and trigger criticism over the protocol's delayed disclosure.

Written By Dishita Malvania
Published 2026-05-31·Updated 1 month ago
Make The Crypto Times preferred on GoogleGoogle
Share
Fluid Protocol Loses 125K FLUID & 51.9K GHO in Key Compromise Attack
Show AI Summary
Fluid’s Merkle rewards system was compromised due to a key breach, allowing an attacker to drain assets quickly.
The exploit occurred on May 27, but was only publicly disclosed by Fluid after being surfaced by on-chain researcher YAM on May 31.
The attacker used empty-proof Merkle claims to claim rewards from multiple contracts, taking advantage of a tight timeline to execute the exploit.

Fluid, the DeFi lending and borrowing protocol formerly known as Instadapp, has suffered a security breach involving a key compromise of its off-chain Merkle rewards distribution infrastructure. 

The exploit drained approximately 125,000 FLUID tokens and 51,900 GHO from multiple Merkle distributor contracts, with the attacker subsequently swapping the stolen assets and funneling ETH into Tornado Cash.

The breach was first surfaced publicly by on-chain researcher YAM (@yieldsandmore), who noted that the exploit actually occurred on May 27, days before Fluid acknowledged it. According to YAM, a lender withdrew $77 million in USDC starting on May 28, and the Fluid team posted about high USDC deposit rates that same day, raising questions about the timeline between internal awareness and public disclosure.

“The exploit was on May 27th. This exploit was surfaced earlier today (May 31st) and only after that was it disclosed. Why was it only disclosed now?” YAM wrote in a reply to Fluid’s official statement.

How the exploit unfolded

The attacker, operating from wallet 0x4925120CbE5A78Bf08F26f6E8cdF820f4c1D3dfB, was able to claim rewards from multiple Fluid Merkle distributor contracts using empty-proof Merkle claims. The timeline on Ethereum was remarkably tight: a proposer submitted a Merkle root, an approver approved it, and the exploiter claimed FLUID tokens roughly 24 seconds after the proposal went through. The GHO claim followed minutes later.

After claiming both the FLUID and GHO tokens, the wallet swapped the stolen assets, bridged some proceeds from Base and Arbitrum, and later deposited ETH into Tornado Cash Router, a well-known privacy mixer frequently used to launder stolen crypto funds.

Several hours after the exploit, an admin-style batched transaction removed the old proposer and approver roles across multiple Fluid rewards contracts, confirming that compromised keys were being rotated out.

Fluid’s response: No mention of key compromise

Fluid acknowledged the incident in a post on X on May 31, 2026, stating that the team “identified and contained a compromise affecting our off-chain merkle rewards distribution infrastructure.” The protocol emphasized three points: the core protocol remains fully secure, all smart contracts are safe and unaffected, and user funds are not at risk.

“The impacted contract is not part of the core protocol infrastructure and was used solely for rewards distribution with minimal funds in its balance,” the team wrote, adding that a detailed post-mortem would follow.

Notably absent from Fluid’s statement was any mention of a key compromise or the specific amount of funds lost. The team told users that Merkle reward claiming would be temporarily paused for a few days, potentially up to a week, while updates are made. Rewards will continue accumulating retroactively, and claiming will resume once updates are complete, according to the protocol.

Delayed disclosure draws community criticism

The gap between when the exploit occurred (May 27) and when it was publicly disclosed (May 31) has drawn pointed criticism from community members. YAM’s thread highlighted that the exploit was only acknowledged after independent on-chain analysis brought it to light, not through a proactive disclosure from the Fluid team.

The fact that a $77 million USDC withdrawal began on May 28, one day after the exploit, and that Fluid simultaneously promoted high USDC deposit rates has fueled suspicion that certain parties may have had advance knowledge of the situation before retail users were informed.

A pattern in DeFi security failures

The Fluid exploit adds to what has already been a brutal 2026 for DeFi security. According to industry data, crypto exploits and hacks have exceeded $770 million in total losses this year, with April alone recording over $635 million across 28 separate incidents. High-profile breaches at Drift Protocol ($285 million), Kelp DAO ($292 million), and THORChain ($10.8 million) have dominated headlines.

While the Fluid breach is smaller in scale compared to these incidents, the nature of the exploit, a key compromise enabling fraudulent Merkle claims on off-chain reward infrastructure, highlights a recurring vulnerability across DeFi: the security of privileged keys and the operational trust layers that sit outside of smart contracts themselves.

Fluid had previously weathered the Resolv Protocol fallout in March 2026, when it repaid $70 million in bad debt from the Resolv exploit, a move that was widely praised for demonstrating financial resilience.

The Crypto Times will continue to monitor the situation closely for any further on-chain developments, post-mortem disclosures, or updates regarding the drained funds. This event serves as yet another reminder that off-chain infrastructure and key management remain critical weak points in DeFi, even when core smart contracts are technically sound.

Also Read: Alephium Reveals Cause of $815K Bridge Exploit, Promises Compensation

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
BlackRock CEO Predicts Strong Markets, Says Bitcoin Is More Stable
BlackRock CEO Predicts Strong Markets, Says Bitcoin Is More Stable
a16z Says Wall Street Wants Blockchain, Not DeFi
a16z Says Wall Street Wants Blockchain, Not DeFi
Fed Chair Warsh Calls for Regulator Coordination on GENIUS Act
Fed Chair Warsh Calls for Regulator Coordination on GENIUS Act
Base’s Jesse Pollak Admits Creator Coin Strategy Failed, Signals AI Pivot
Base’s Jesse Pollak Admits Creator Coin Strategy Failed, Signals AI Pivot

Find Us on Socials

You may also like

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Blockaid Flags BarnBridge Legacy Proposals Over Token Approval Risks

Blockaid Flags BarnBridge Legacy Proposals Over Token Approval Risks

EU, US, UK Target Crypto Wallets in Alleged $300M TrickBot Crackdown

EU, US, UK Target Crypto Wallets in Alleged $300M TrickBot Crackdown

Lumi Finance Drained of $270K on Arbitrum via Smart Account Exploit

Lumi Finance Drained of $270K on Arbitrum via Smart Account Exploit

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information