Fireblocks Thwarts SWEAT and HOT Exploits on NEAR, Protecting Millions

Fireblocks has revealed its role in identifying and mitigating two critical zero-day vulnerabilities that could have cost NEAR Protocol users millions of dollars. The flaws were discovered in the contracts of SWEAT, a token powering the Sweat Economy ecosystem, and HOT, a Web3 governance token with over 22 million holders.

In late April 2026, Fireblocks’ blockchain monitoring flagged unusual transactions on NEAR involving SWEAT tokens. Attackers were draining wallets without requiring private keys, phishing links, or user signatures. One victim alone lost 8.5 million SWEAT tokens in a single exploit, valued at $170,000 to $250,000. The problem stemmed from a missing security guard in the ft_resolve_transfer callback function, which refunded token balances without verifying the caller’s identity.

The exploit leveraged NEAR’s token standard (NEP-141), which uses ft_resolve_transfer to refund unused balances. In SWEAT’s implementation, this function lacked NEAR’s #[private] macro, leaving it exposed to public calls. Attackers exploited the flaw by crafting a malicious contract that tricked the system into issuing refunds directly to their wallets. The result: millions of tokens drained from victims’ accounts.

HOT Contract Flaw Uncovered

After patching SWEAT’s vulnerability, Fireblocks launched a broader investigation across NEAR’s ecosystem. Their proactive search uncovered the same flaw in HOT, a governance token with over 22 million holders. The potential consequences were severe—attackers could have exploited the same “empty refund” logic to mint unlimited HOT tokens or drain user balances. Fireblocks reported the issue to HOT’s maintainers, who deployed a patch the same day.

The stakes were enormous. HOT’s ecosystem supports over 35 million users and hundreds of millions of token transfers. A successful exploit could have triggered massive financial losses and eroded confidence in NEAR’s infrastructure.

Broader Implications for Web3 Security

Fireblocks’ swift action highlights the rising stakes in blockchain security. As AI tools accelerate the pace of code analysis, attackers can identify vulnerabilities in live contracts faster than ever. The same tools, however, can empower defenders to find and fix flaws before exploits occur.

For protocols like SWEAT, the consequences of such vulnerabilities are not just financial. SWEAT is a cornerstone of Sweat Economy, a move-to-earn ecosystem that incentivizes physical activity through token rewards. The April 2026 exploit, which drained 13.71 billion SWEAT tokens (65% of supply), underscored the need for robust contract security. Although user balances were restored, the incident highlighted the fragility of token ecosystems reliant on smart contract integrity.

As of June 16, 2026, SWEAT trades at $0.00071807, reflecting a 0.04481% decline in the last 24 hours. Its market cap stands at $8.93 million, underscoring the token’s recovery efforts post-exploit. HOT, meanwhile, avoided a similar catastrophe thanks to Fireblocks’ intervention, preserving its ecosystem’s stability.

For Web3 builders, the lesson is clear: security cannot be an afterthought. As the arms race between attackers and defenders intensifies, proactive measures and rigorous audits are critical to safeguarding user assets and ecosystem trust.

Image source: Shutterstock