PANews reported on June 1st that, according to BlackHart, the reward distribution mechanism of the DeFi project Fluid on Ethereum was exploited, resulting in the theft of approximately $215,000 in assets. Fluid employs a Merkle reward list mechanism where one key initiates and another approves. The attacker possessed both operating private keys, submitted and approved a list of rewards to be distributed only to themselves, and then used a null proof to complete the claim. The stolen assets came from three reward distributors, including 112,883 FLUID, 47,903 GHO, and a small amount of cbBTC, which were later exchanged for ETH and transferred via Tornado Cash. Fluid's lending market, vault, DEX, and user deposits were unaffected. The team replaced the compromised key and transferred the remaining reward funds within approximately 10 hours, but the public statement only mentioned that reward claims were temporarily suspended, without mentioning details of the private key leak and the loss.