LESS Protocol Exploit Drains Launch WETH Seed In Onchain Liquidity Attack

LESS Protocol has been hit by an onchain exploit that abused its launch-liquidity setup and drained nearly all of the initial WETH seed used to support the market.

The incident was not a phishing case built around a malicious signature, fake front end, or stolen seed phrase. The LESS Protocol liquidity incident centered on contract behavior during the launch process, where the protocol’s own WETH seed became the asset extracted through the exploit path.

The public technical breakdown points to the interaction between rollover rewards, claimFees() and createInitialLiquidity(). The weak point was the way LESS rewards could become overvalued when the system crossed multiple reward periods but advanced the decay logic only once. That allowed an attacker to claim inflated LESS during rollover, then use the same transaction path to trigger fee claiming and initial-liquidity creation against protocol-held WETH.

That makes the incident more serious than a normal user-side loss. A phishing drain usually begins with a victim approving the wrong transaction or exposing wallet control. This attack appears to have used protocol logic to pull value from the launch setup itself, turning the initial WETH seed into exit liquidity before the market had time to mature.

The exact final loss figure, exploiter address set, and recovery path still need a full postmortem. The important early point is already clear enough for users and launch teams: the drain came from launch mechanics, reward accounting and liquidity-creation flow, not from ordinary wallet compromise.

Why Launch Liquidity Is A High-Risk Moment

Token launches create a narrow but dangerous window where contract assumptions, reward schedules, liquidity seeding and trading access all meet for the first time. If any piece is mispriced or callable in the wrong order, the launch pool can become a live target before normal market depth forms.

That risk is higher when a launch system tries to do several things at once. Reward rollover logic must calculate emissions correctly. Fee-claiming functions must not create a cashout path before accounting is settled. Liquidity-creation functions must protect seed assets from being used against the protocol. If a single transaction can move through those steps in a profitable order, the launch can fail before outside liquidity even has a chance to balance the market.

The LESS case is a reminder that “initial liquidity” is not just a market-making detail. It is protocol capital. If that seed sits behind callable functions with weak sequencing, stale reward state or incomplete decay updates, attackers can treat it as a vault with a trading interface attached.

This is also why early DeFi launches need more than a standard contract review. Teams need adversarial testing around launch timing, period transitions, first-liquidity creation, reward decay, fee claiming, reentrancy assumptions, sandwich exposure, and the first blocks after market opening. The riskiest moment is often not months after launch. It is the first time the system’s economic assumptions meet real trading behavior.

DeFi Security Pressure Extends Beyond Bridges

The LESS exploit lands in a month already dominated by infrastructure-security concerns. Cross-chain systems have drawn the biggest loss totals, with bridge-related exploits reaching $328.6 million in 2026, but smaller protocol-level incidents keep showing how varied the attack surface has become.

Recent cases have involved fake mints, bridge-layer failures, collateral abuse, routing mistakes, liquidity drains and stablecoin depegs. The Echo Protocol bridge incident showed how a wrapped-asset problem can move into lending markets and Tornado Cash routing. LESS shows a different but related issue: launch capital can be drained when reward and liquidity functions create an exploitable sequence.

The recovery questions now are practical. LESS users need the affected transaction hashes, exploiter wallet, exact WETH loss, paused function list, remaining liquidity status, and whether any team-controlled contracts or treasury balances are still exposed. Launch participants also need clarity on whether trading, claims, liquidity creation or reward rollover functions are safe to use again.

The incident leaves LESS with an immediate containment checklist: freeze or disable the vulnerable path, publish the transaction trace, confirm remaining seed and treasury balances, explain the reward-decay failure, and release a patched launch flow before any market relaunch. Until those details are public, the exploit should be treated as an active protocol-risk event around WETH seed liquidity rather than a user phishing story.

The post LESS Protocol Exploit Drains Launch WETH Seed In Onchain Liquidity Attack appeared first on Crypto Adventure.