SWEAT agreement was stolen 13.71 billion tokens; after pausing the contracts, users’ funds were fully restored

According to the post-incident report released after the SWEAT protocol attack, the user funds stolen in the exploit that occurred on Wednesday have been fully restored, and protocol operations have returned to normal. Crypto security firm Blockaid estimates that the attacker stole about 13.71 billion SWEAT tokens; the SWEAT team quickly paused the token contract and contacted the exchange and the Near-based liquidity provider Rhea Finance, ultimately restoring all users’ account balances.

Attack Timeline and Scale

Based on the SWEAT post-incident report and Blockaid’s analysis, the attack began at 13:36 Coordinated Universal Time (UTC). The attacker exploited a vulnerability in the SWEAT token contract on the Near blockchain to extract funds from accounts ranked among the top 100 in SWEAT holdings. Blockaid noted that multiple SWEAT foundation wallets were fully drained within 30 seconds. The attacker briefly controlled about 13.71 billion SWEAT tokens—around 65% of the total supply—when the market value was approximately $3.5 million.

SWEAT Team’s Response

According to the SWEAT post-incident report, after discovering the attack, the SWEAT team quickly paused the SWEAT token contract and contacted the MEXC exchange, which the attackers used as a liquidation channel, as well as the Near-based on-chain liquidity provider Rhea Finance. MEXC subsequently froze the attacker’s accounts, and Rhea Finance paused related SWEAT trading.

The SWEAT post-incident report confirmed: “All external account balances have been fully restored, and operations are back to normal.” SWEAT also posted on the X platform: “We sincerely appreciate the support and suggestions from the community, which helped us resolve this issue quickly.”

The SWEAT team also said it plans to submit an incident report to relevant law enforcement authorities and conduct a detailed forensic analysis.

Background on Recent Crypto Attacks

According to a report by The Block, this SWEAT protocol attack occurred after two recent large-scale attacks: the Drift protocol suffered a $280 million attack, believed to be the largest Solana chain exploitation to date; Kelp DAO suffered a $292 million attack, causing DeFi’s total value locked (TVL) to drop significantly in recent days. In response to the Kelp DAO attack, a community organization called DeFi United has announced its formation, aiming to compensate affected users for their losses.

Frequently Asked Questions

How much money was involved in the SWEAT protocol attack? Have user funds been restored?

According to Blockaid’s estimate, the attacker stole about 13.71 billion SWEAT tokens, roughly 65% of the total supply, with a market value of about $3.5 million at the time. According to the SWEAT post-incident report, all user account balances have been fully restored, and protocol operations are back to normal.

How did the SWEAT team respond to this attack?

According to the SWEAT post-incident report, the team quickly paused the token contract and contacted MEXC and Rhea Finance; MEXC froze the attacker’s accounts, Rhea Finance paused related SWEAT trading, and ultimately helped restore user funds.

Which blockchain’s vulnerability was exploited in this attack?

According to Blockaid’s analysis, the attacker exploited a vulnerability in the SWEAT token contract on the Near blockchain to extract funds from accounts ranked in the top 100 by holdings, and some SWEAT foundation wallets were fully drained within 30 seconds.