Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Sweat Foundation was exploited. An attacker drained approximately 13.71 billion SWEAT tokens (about 65% of total supply) from multiple foundation-controlled accounts within roughly 30 seconds, resulting in a loss of about $3.5 million. The attacker exploited a vulnerability in the SWEAT token contract using a custom drainer contract, then attempted to liquidate and bridge the funds via Ref Finance and Wormhole. The team quickly paused the contract, coordinated freezes with MEXC, and restored all external user balances. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 3,500,000.
- chain
- —
- protocol
- Sweat Foundation
- bug_class
- phishing
- date_occurred
- 2026-04-29
- loss_usd
- $3,500,000
- source_id
- sm:sweat-foundation::2026-04-29