
ExVul researchers detail wallet cycling attack on WUSD.fi and GLOVE pools. The exploit reveals structural risk in DeFi reward programs that could affect other protocols.
Attackers drained an estimated $200,000 from Uniswap V3 liquidity pools on Ethereum by exploiting weaknesses in the WUSD.fi and GLOVE incentive system, according to security researchers at ExVul. The attackers cycled funds through multiple wallets to repeatedly farm rewards, taking advantage of flaws baked into the protocol's incentive structure. The event is small relative to recent DeFi hacks. It exposes a structural vulnerability that affects any protocol relying on reward-based liquidity mining.
The exploit did not rely on a smart contract bug in the traditional sense. Attackers abused the design of WUSD.fi and GLOVE incentive programs on Uniswap V3. These programs reward liquidity providers with tokens for depositing into specific pools. The attackers created multiple wallets, each depositing small amounts of liquidity. They then withdrew and redeposited the same funds repeatedly. Each cycle triggered a new reward claim, allowing the attackers to farm far more tokens than the intended allocation.
ExVul described the flaw as baked into the incentive structure itself. The protocol lacked checks to prevent a single entity from using multiple addresses to claim rewards on the same capital. This is not a new attack vector. Similar farming exploits have hit DeFi protocols like Harvest Finance and PancakeBunny in the past. The difference here is the specific targeting of Uniswap V3 concentrated liquidity pools. Rewards are tied to price ranges, which can amplify the impact when a single entity cycles capital across many addresses.
The direct loss is $200,000 in WUSD and GLOVE tokens, plus ETH used for gas fees. The affected pools were on Ethereum mainnet, not on layer-2 networks. Liquidity providers who had deposited into those pools during the attack window may have seen their share of rewards diluted. The stolen amount is small relative to total value locked in Uniswap V3.
Second-order effects are more concerning. The exploit demonstrates that any DeFi protocol with a multi-wallet reward system is vulnerable to the same technique. Protocols that rely on Uniswap V3 for liquidity may need to redesign their incentive distribution logic. The attack also raises questions about the security of AI-driven trading agents. These agents are increasingly used to automate yield farming strategies. If an AI agent can be programmed to cycle wallets faster than a human, the attack surface expands.
WUSD.fi and GLOVE can mitigate the flaw by implementing per-address reward caps or requiring a minimum holding period before rewards vest. Uniswap itself could add protocol-level checks for wallet cycling. That would require a governance vote. For now, liquidity providers should avoid pools that lack anti-sybil measures. The ExVul report provides a clear blueprint for fixing the issue. This reduces the likelihood of a repeat attack on the same pools.
If other protocols copy the same flawed incentive design without patching, copycat attacks could drain multiple pools simultaneously. The $200,000 loss is small. It could trigger a broader loss of confidence in DeFi yield farming. Regulators may also take note. The exploit shows that even audited protocols can have structural flaws not covered by standard smart contract audits. The CFTC and SEC have already signaled interest in DeFi enforcement. This incident could accelerate scrutiny.
The immediate follow-up is whether WUSD.fi and GLOVE will compensate affected liquidity providers. If they do not, the incident could lead to a loss of trust and capital flight from their pools. The broader DeFi market will watch for similar exploits on other Uniswap V3 incentive programs. For traders, the event reinforces the need to verify incentive design before depositing liquidity. The ExVul report is a useful reference for assessing risk in any reward-based pool.
For a broader view of how such events affect the crypto market, see our crypto market analysis. For the latest on Ethereum network activity, check the Ethereum (ETH) profile.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.