Sweat Economy, the move-to-earn project behind $SWEAT tokens, primarily on NEAR Protocol was exploited on April 29, 2026. An attacker exploited a vulnerability in the SWEAT token contract around 13:36 UTC. They drained approximately 13.71 billion SWEAT tokens roughly 65% of the total supply at the time from multiple Sweat Foundation and top holder accounts in about 30 seconds.
The attacker used a custom Rust-based drainer contract and routed funds through Ref Finance a major NEAR DEX and cross-chain bridges like Wormhole/Portal. Blockaid, a blockchain security firm detected and publicly flagged the exploit in real time, including the exploiter address and a key transaction.
The value of the drained tokens was estimated at around $2–3.5 million depending on the exact price at the moment of the attack. The team responded rapidly: They paused the token contract immediately. MEXC froze the attacker’s account, and Rhea Finance halted SWEAT trading to prevent liquidation.
As a result, all affected external user balances were restored. The protocol later deployed a patched contract. This is one of the rarer cases where most funds were recovered before the attacker could fully cash out, thanks to the pause functionality, quick coordination, and real-time alerts. User funds appear to have been restored for external accounts.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
The team has stated they will file a law enforcement report and conduct a full forensic analysis and post-mortem. The exact root cause has not been publicly detailed yet in the sources. If you hold or interact with SWEAT on NEAR, check your wallet and revoke any unnecessary approvals for Sweat-related contracts.
Be cautious with older or less actively maintained projects — this incident highlights risks in ecosystems with emerging DeFi activity. This event is part of a broader wave of DeFi exploits in April 2026, but the fast mitigation here stands out compared to cases where funds were permanently lost.
The Sweat team has stated they will conduct a forensic review and publish one, along with filing a law enforcement report. The attack started around 13:36 UTC on April 29, 2026. Within roughly 30 seconds, the attacker drained approximately 13.71 billion SWEAT tokens, about 65% of the total supply at the time, valued at roughly $2–3.5 million depending on the spot price during the dump.
Multiple Sweat Foundation-controlled accounts and top holder accounts were emptied to zero. A vulnerability in the SWEAT token contract on NEAR; written in Rust, as is standard for NEAR smart contracts. The exact bug has not been disclosed publicly. It allowed rapid, unauthorized token transfers or balance manipulation and draining across many accounts.
The attacker deployed and used a custom Rust-based drainer contract. Blockaid identified a crate and module named exploit-resolve in the drainer, suggesting it was purpose-built for fast batch extraction and resolution and transfer of tokens. This enabled highly automated, near-instantaneous calls that targeted multiple high-balance accounts likely via some form of bulk transfer, approval abuse, or unauthorized mint/transfer logic in the vulnerable token contract.
Funds were then routed through Ref Finance for swaps and through cross-chain bridges such as Wormhole/Portal to move assets off NEAR and complicate tracking. Some early speculation suggested possible admin-key compromise or access to foundation-controlled accounts rather than a pure reentrancy, oracle and manipulation bug in user-facing logic. However, reports consistently describe it as a token contract vulnerability that the drainer exploited.
The response was unusually fast and effective for DeFi: The team immediately paused the token contract, halting further malicious transfers. They coordinated with MEXC which froze the attacker’s account and Rhea Finance which halted SWEAT trading/liquidity actions on NEAR. As a result, all affected external user balances were restored. A patched token contract was later deployed.
This pause functionality in the token contract was critical — many token exploits become irreversible without such admin controls. Root cause unknown publicly: It could involve access control issues, a logic error allowing unauthorized ft_transfer or similar calls, or compromised keys enabling the initial vector. The upcoming post-mortem should clarify this. User actions: Revoke approvals for any Sweat-related contracts via a NEAR explorer or wallet tools.
Be cautious with any unverified interactions involving older contracts. The incident highlights risks in token contracts that handle large supplies and have admin privileges, especially when combined with custom drainers built in Rust for NEAR’s environment. NEAR contracts benefit from Rust’s safety features, but access control and upgrade patterns remain common weak points if not audited rigorously.