Wednesday, 17 Jun, 2026

Security Breakthrough: Fireblocks Thwarts Multi-Million Dollar Zero-Day Exploits on NEAR Protocol

7 mins read0Blockchain Technology, , , , , , , , , , , , , , ,

By Ted Hisokawa | June 16, 2026

In a significant victory for decentralized finance (DeFi) security, blockchain infrastructure firm Fireblocks has successfully identified and mitigated two critical zero-day vulnerabilities within the NEAR Protocol ecosystem. The discovery effectively averted a potential catastrophe that threatened the assets of over 22 million users associated with the SWEAT and HOT tokens. By intervening before these flaws could be weaponized on a broader scale, Fireblocks has highlighted both the persistent fragility of smart contract architecture and the necessity of proactive, AI-driven security monitoring.

The Anatomy of the Breach: A Technical Breakdown

The incident began in late April 2026, when Fireblocks’ proprietary blockchain monitoring systems flagged anomalous transaction patterns involving SWEAT, the native token of the popular "move-to-earn" Sweat Economy.

The security team observed a series of highly sophisticated transactions that appeared to bypass standard security measures. Crucially, these unauthorized withdrawals were occurring without the typical hallmarks of a hack—there were no compromised private keys, no deceptive phishing links, and no user-signed transactions. Instead, the attackers were leveraging a fundamental flaw in the logic of NEAR’s token standard (NEP-141).

The Flaw in the Mechanism

The vulnerability centered on the ft_resolve_transfer callback function. Under the NEP-141 standard, this function is designed to facilitate the refund of unused token balances back to the original sender if a transaction fails to complete.

In the case of the SWEAT contract, the implementation failed to include the critical #[private] macro. This omission meant that the function, which should have been restricted to internal contract calls only, was exposed to the public. Malicious actors realized they could craft a custom contract to invoke this function externally, effectively "tricking" the protocol into believing a legitimate transfer had failed. The system would then dutifully "refund" the tokens—not to the original sender, but directly into the attacker’s wallet.

The scale of the initial exploit was startling. One victim suffered the loss of 8.5 million SWEAT tokens in a single transaction, with the market value of the stolen assets estimated between $170,000 and $250,000 at the time.

Chronology of a Crisis Averted

The timeline of this event underscores the high-speed nature of modern blockchain warfare, where hours can mean the difference between a minor bug and a total ecosystem collapse.

  • Late April 2026: Fireblocks’ monitoring suite detects suspicious activity on the NEAR chain involving the SWEAT token.
  • Initial Investigation: Security researchers isolate the lack of the #[private] macro in the ft_resolve_transfer callback as the root cause.
  • Immediate Mitigation: Fireblocks coordinates with the Sweat Economy team to implement a patch, halting the unauthorized outflows.
  • Proactive Ecosystem Scan: Recognizing that this vulnerability might be systemic, Fireblocks initiates a wider audit of other major tokens on the NEAR Protocol.
  • The Discovery of the HOT Flaw: The audit reveals the identical logic flaw in the HOT token contract, which supports a massive user base of over 22 million individuals.
  • Emergency Patching: Fireblocks notifies the maintainers of the HOT token. A patch is deployed within hours, preventing any exploitation of the flaw.

The HOT Token and the Scale of Potential Damage

If the SWEAT exploit was a warning shot, the discovery of the same vulnerability in the HOT token contract was a brush with an extinction-level event. HOT serves as a central governance token for a vast ecosystem that supports over 35 million users and facilitates hundreds of millions of individual token transfers.

Had the vulnerability remained undiscovered, the potential for destruction was nearly limitless. Because the ft_resolve_transfer function is a core part of the token’s lifecycle, an attacker could have theoretically triggered "empty refunds" repeatedly, effectively minting unlimited tokens or draining the entire liquidity pool of the project. The resulting collapse would have likely eroded user confidence in the NEAR Protocol itself, potentially triggering a broader market sell-off for assets housed within the ecosystem.

Implications for Web3 Security

The intervention by Fireblocks serves as a powerful case study for the evolving state of Web3 security. As the industry matures, the complexity of smart contracts has increased, creating an environment where even minor syntax errors can lead to systemic financial failure.

The AI Arms Race

The rapid identification of these flaws by Fireblocks highlights a shift toward AI-powered security. As attackers increasingly utilize automated tools to scan for and exploit vulnerabilities in live code, the time window for defenders to respond has narrowed significantly.

"The arms race is no longer just about who writes the better code, but who can analyze it faster," noted one industry analyst. "AI allows us to map out complex contract interactions in seconds that would have taken human auditors days to untangle."

The "Security as Code" Mandate

The SWEAT and HOT incidents reinforce a growing consensus among developers: security can no longer be treated as an afterthought or a final checklist item before a mainnet launch. The reliance on standardized protocols—such as NEP-141—provides convenience, but it also creates "single points of failure." If a standard implementation is flawed, every project that adopts it inherits that vulnerability.

Economic Impact and Ecosystem Resilience

The financial fallout from the SWEAT exploit was significant. Estimates suggest that 13.71 billion SWEAT tokens—roughly 65% of the total circulating supply—were effectively "drained" during the active phase of the exploit. While the project was able to recover, the event serves as a stark reminder of the fragility of tokenomics in the face of technical exploits.

As of June 16, 2026, the market reflects the aftermath of these events. SWEAT is currently trading at approximately $0.00071807, showing a minor 0.04% decline in the last 24 hours. While the market cap sits at roughly $8.93 million, the token has shown remarkable resilience in its recovery efforts.

Conclusion: Lessons for the Future

The NEAR Protocol exploits of 2026 will likely be cited in security textbooks for years to come. They highlight the delicate balance between innovation and safety in the blockchain space.

For developers and project leads, the takeaways are clear:

  1. Rigorous Auditing: Even standard, widely used functions must be audited for specific implementation contexts.
  2. Proactive Monitoring: Real-time transaction monitoring is essential to catch exploits before they reach the scale of a total drain.
  3. Cross-Ecosystem Vigilance: Vulnerabilities are rarely isolated. If a bug exists in one contract, the entire ecosystem must be scanned immediately to identify if others share the same architectural weakness.

As the industry moves forward, the success of Fireblocks in this instance stands as a testament to the importance of collaborative defense. By identifying and patching these zero-day flaws, the firm not only saved millions of dollars in capital but also protected the integrity of one of the most vibrant communities in the Web3 space. The future of decentralized finance will belong to those who prioritize security as the bedrock of their operations, ensuring that the promise of a permissionless economy is not undermined by the vulnerabilities of its own construction.

Related Posts