DeFi Unsafe, Dev Warns as AI Threatens Security

Attackers drained an estimated $200,000 from Ethereum-based liquidity pools on Uniswap V3 by exploiting weaknesses in the WUSD.fi and GLOVE incentive programs, according to security researchers at ExVul. The incident involved repeatedly cycling funds through multiple wallets to farm rewards, highlighting design flaws in the protocols’ incentive structures.

Exploit targeted liquidity incentives on Uniswap V3

ExVul’s analysis indicates the loss stemmed from vulnerabilities in how WUSD.fi and GLOVE structured their reward mechanisms, rather than a flaw in Uniswap V3’s core contracts. Uniswap V3 is a leading automated market maker on Ethereum, and third-party protocols frequently build incentive schemes on top of its liquidity pools to attract capital.

How the attackers extracted rewards

Researchers said the attackers cycled assets through multiple addresses to repeatedly claim rewards, effectively gaming the incentives intended for liquidity providers. By leveraging several wallets and moving funds in loops, the perpetrators amplified payouts beyond the programs’ intended limits.

Why incentive design remains a DeFi risk

Incentive programs are common across decentralized finance to bootstrap liquidity and user activity. However, if reward structures lack safeguards—such as anti-Sybil protections, rate limits, or time-weighted mechanisms—they can be abused without directly compromising underlying smart contracts. The reported losses underscore the importance of robust incentive design and testing when deploying rewards on major liquidity venues like Uniswap V3.
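The time-weighted safeguard mentioned above can be tested as a design invariant before a program launches. The Python sketch below is an added illustration, not code from ExVul, WUSD.fi, GLOVE or Uniswap; both reward functions, the epoch length and the scale constant are assumptions made for the example, since no technical details of the affected programs' reward logic were available.

```python
# Simplified model of an epoch-based liquidity reward program (constructed values).
EPOCH_SECONDS = 3600   # assumed epoch length
SCALE = 1_000_000      # assumed divisor: 1 reward unit per 1e6 token-seconds


def cycled_positions(capital, wallets):
    """The same capital held by `wallets` addresses in turn, in equal
    slices of one epoch: (address, start, end, balance) tuples."""
    slice_len = EPOCH_SECONDS // wallets
    return [(f"addr{i}", i * slice_len, (i + 1) * slice_len, capital)
            for i in range(wallets)]


def snapshot_rewards(positions):
    """Weak design: every address seen in the epoch claims once and is paid
    on its balance as if it had provided liquidity for the whole epoch."""
    paid = {}
    for addr, _start, _end, balance in positions:
        paid.setdefault(addr, balance * EPOCH_SECONDS // SCALE)
    return sum(paid.values())


def time_weighted_rewards(positions, min_hold=0):
    """Safer design: pay on balance x seconds actually held; positions held
    for less than `min_hold` seconds earn nothing."""
    total = 0
    for _addr, start, end, balance in positions:
        held = end - start
        if held >= min_hold:
            total += balance * held // SCALE
    return total


def is_sybil_neutral(reward_fn, capital=1_000_000, max_wallets=12):
    """Design invariant: splitting fixed capital across more addresses must
    never pay more than one address holding it for the full epoch."""
    baseline = reward_fn(cycled_positions(capital, 1))
    return all(reward_fn(cycled_positions(capital, n)) <= baseline
               for n in range(2, max_wallets + 1))


if __name__ == "__main__":
    for n in (1, 6):
        pos = cycled_positions(1_000_000, n)
        print(n, "address(es):", snapshot_rewards(pos), "vs",
              time_weighted_rewards(pos))
    print("snapshot neutral:", is_sybil_neutral(snapshot_rewards))
    print("time-weighted neutral:", is_sybil_neutral(time_weighted_rewards))
```

In this model the snapshot design pays in proportion to the number of addresses used, while the time-weighted design pays the same total however the capital is split, and a minimum holding period removes rewards for short-lived positions entirely.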

What’s next

ExVul reported the incident and attributed the loss to incentive-structure weaknesses. Further technical details and any remediation steps from the affected projects were not immediately available.
