Fluid disclosed a compromise of its off-chain Merkle rewards distribution infrastructure. According to YAM, an attacker was able to submit and approve fraudulent Merkle roots across Fluid's off-chain rewards distribution contracts. The attacker drained an estimated 125,000 FLUID and 51,900 GHO on May 28, 2026.

The attacker then swapped the tokens, bridged proceeds, and routed ETH into Tornado Cash. The Fluid team stated that the core protocol smart contracts are fully safe and unaffected, as the incident only pertained to a rewards distribution contract. A detailed post-mortem will be shared in the coming weeks.

Fluid most recently extended its aWETH redemption protocol to L2 following the KelpDAO and LayerZero exploit that froze Aave markets in April.

ETHConf lands in NYC June 8-10, bringing together 5,000+ attendees, 150+ speakers, and 100+ companies across Ethereum, stablecoins, and institutional adoption.

Get your tickets at ethconf.com and use code ETHDAILY for 30% off General and 20% off VIP.

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created