A previously undocumented form of malicious liquidity pool has been manipulating trade execution across Ethereum and Polygon, tricking DeFi applications into routing transactions through fraudulent venues.
A previously undocumented form of malicious liquidity pool has been manipulating trade execution across Ethereum and Polygon, tricking DeFi applications into routing transactions through fraudulent venues.

A previously undocumented form of malicious liquidity pool has been manipulating trade execution across Ethereum and Polygon, tricking DeFi applications into routing transactions through fraudulent venues.
Enso, a DeFi infrastructure platform, published research on July 16 exposing "toxic pools" — liquidity pools that display accurate prices during transaction simulation but deliver different outcomes when executed on-chain. The findings, based on two months of forensic analysis combining RPC data, transaction traces, and smart contract inspection, identified two real-world examples on Ethereum and Polygon that alternated between malicious and non-malicious states, rendering manual reviews and real-time simulations ineffective.
"Toxic pools can manipulate trade simulations, tricking applications into thinking they're the best execution venue, while masquerading as genuine pools," Milos Costantini, co-founder and chief product officer at Enso, said. "If crypto apps cannot distinguish between genuine and malicious quotes, they could repeatedly use these fraudulent execution paths, resulting in substantial losses."
The scheme targets the quoting infrastructure that wallets, aggregators, and DeFi apps use to determine optimal execution paths. Users receive a price quote, confirm the transaction, and receive less than the quoted price, while the pool continues to appear as the optimal route to the routing system. Unlike traditional smart contract exploits that target a specific protocol, toxic pools directly undermine the simulation layer that billions of dollars in daily DeFi volume depends on.
How toxic pools bypass simulation safeguards
The Ethereum pool identified by Enso's researchers alternated between malicious and non-malicious states, a pattern that makes detection particularly difficult. During simulation, the pool presents legitimate pricing data. At execution time, it delivers a different outcome — a divergence that standard security tooling fails to catch because the pool appears genuine during the inspection phase.
The research, independently validated by contacts from Curve and Oku, suggests the vulnerability extends beyond isolated incidents. As transaction-simulation-based routing becomes standard across wallets and aggregators, the attack surface grows. Enso's findings indicate that the industry's reliance on simulated price discovery may have created a blind spot that malicious actors are beginning to exploit.
Industry-wide implications for DeFi infrastructure
The exposure comes as a broader wave of infrastructure-level attacks hits DeFi. Last week, Summer.fi lost $6 million in a keeper-system exploit, and Ostium suffered an $18 million oracle attack on Arbitrum on July 15 after a hacker compromised a PriceUpKeep forwarder to submit falsified future-dated price data. While the Ostium and Summer.fi incidents involved compromised privileged roles, the toxic pool scheme represents a more insidious threat — one that exploits the simulation layer itself rather than a specific smart contract.
"Our investigation leads us to believe this is not simply another isolated smart contract exploit," Costantini said. "The industry has spent years optimizing price discovery. Our findings suggest the next challenge is verifying execution integrity."
Enso has made the full report publicly available to drive industry-wide awareness and validation standards rather than attributing responsibility to individual protocols. The company warned that without better mechanisms to verify what users actually receive versus what simulations predict, toxic pools could become a systemic risk across DeFi.
This article is for informational purposes only and does not constitute investment advice.