Fireblocks detected and patched critical zero-day vulnerabilities in the SWEAT and HOT smart contracts on the NEAR blockchain this week, shielding 22 million users from what could have been multi-million dollar losses. The flaws were unknown to the developers until Fireblocks flagged them, and the fix was deployed before any exploitation occurred.
The zero-day find
Zero-day vulnerabilities are the most dangerous kind — no one knows they exist until someone finds them. In this case, Fireblocks' security team spotted the flaws in the contracts powering SWEAT (Sweat Economy) and HOT (the NEAR-based token). Both contracts had holes that, if left open, could have let an attacker drain funds or manipulate the tokens. Fireblocks moved quickly, working with the teams behind the contracts to seal the gaps before any damage was done.
Scale of the threat
The fix isn't minor. With 22 million users across both tokens, the potential losses ran into the millions. That's a lot of retail and institutional exposure. It's also a reminder that even after years of development, smart contract bugs can still slip through — and that proactive monitoring matters. Fireblocks didn't wait for an exploit report; they found the holes themselves.
The patched contracts are now live, and no funds were lost. For the teams behind SWEAT and HOT, the incident is a close call. For the broader NEAR ecosystem, it's another data point: chain security isn't just about the protocol layer — the contracts on top need constant attention too. Fireblocks says it will continue scanning for similar issues, but won't disclose specifics of the bugs to prevent copycat attempts.
