54 hack event(s)
Description of the event: Fusion has released a security update stating that its IPOR USDC Fusion Optimizer contains a vulnerability in the Arbitrum Vault. The IPOR team was notified and confirmed on January 6 that the vulnerability had resulted in a loss of approximately $336,000 USDC. This exploit only affected a specific older version of the Fusion Vault, and due to its unique configuration, it was the only vault susceptible to this particular attack vector. According to further analysis by SlowMist, the root cause of the incident lies in the underlying contract delegated by the EOA account controlled via EIP‑7702, which contained a security flaw allowing arbitrary external calls. The attacker exploited this flaw to create and configure a malicious circuit-breaker contract targeting the Plasma Vault, thereby illicitly extracting funds from the vault. The official statement noted that the loss represents less than 1% of the total funds secured by Fusion. The team is currently working with Security Alliance to track the funds and attempt recovery. IPOR DAO will cover the deficit from its treasury, and all affected depositors will receive full compensation. Additionally, according to CertiK, approximately $267,000 of the stolen funds have been cross‑chain transferred to the Ethereum network and subsequently moved into Tornado Cash. On January 7, the IPOR team announced on X that the funds have been recovered, and a 10% bounty agreement has been reached with the white-hat party, which will be covered by the IPOR DAO. The incident has now been concluded as a good-faith white-hat security event.
Amount of loss: $ 336,000 Attack method: Contract Vulnerability
Description of the event: According to CertiK Alert, a vulnerability involving a contract related to TMX on Arbitrum has been detected, with estimated losses of around $1.4 million. During the exploit loop, the attacker minted and staked TMX LP tokens using USDT, then swapped USDT for USDG, unstaked, and sold even more USDG.
Amount of loss: $ 1,400,000 Attack method: Contract Vulnerability
Description of the event: Multiple suspicious transactions involving proxy contracts were detected on Arbitrum (ARB), with estimated losses of approximately $1.5 million. Preliminary analysis indicates that the sole deployer of the USDGambit and TLP projects may have lost access to their account. Subsequently, the attacker deployed a new contract and updated the ProxyAdmin permissions to seize control. The stolen funds were then bridged to the Ethereum network and deposited into Tornado Cash.
Amount of loss: $ 1,500,000 Attack method: Access control vulnerability
Description of the event: According to monitoring by SlowMist’s MistEye security monitoring system, potential suspicious activities related to @futureswapx have been detected. Further analysis indicates that the root cause lies in an attacker creating a malicious proposal and leveraging flash loans to vote, ultimately granting privileges to the attack contract and enabling it to transfer tokens from other users.
Amount of loss: $ 830,000 Attack method: Governance Attack
Description of the event: According to a BlockSec Phalcon alert, Sharwa.Finance disclosed that it had suffered an attack and subsequently suspended operations. However, several hours later, multiple suspicious transactions occurred again, suggesting that the attacker might have exploited the same underlying vulnerability through slightly different attack paths. In general, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a sandwich attack targeting the swap operations involving the borrowed assets. The root cause appears to lie in the lack of a bankruptcy check in the swap() function of the MarginTrading contract. This function is responsible for swapping borrowed assets from one token (e.g., WBTC) to another (e.g., USDC). It verifies solvency only once — based on the account state at the start of the swap — before executing the asset exchange, leaving room for manipulation during the process. Attacker 1 (address starting with 0xd356) conducted multiple attacks, earning approximately USD 61,000, while Attacker 2 (address starting with 0xaa24) executed a single attack, gaining around USD 85,000.
Amount of loss: $ 146,000 Attack method: Contract Vulnerability
Description of the event: AI-driven Web3 social platform UXLINK suffered an attack affecting platform-related assets, resulting in losses exceeding USD 11 million. Investigation showed that the attacker had prepared for months prior to the incident, impersonating a business partner and leveraging deepfake video conferencing as part of a social engineering scheme. Through these methods, the attacker gained access to the personal devices of several SAFE key holders and obtained sensitive information such as passwords and private keys. After gaining control over the legacy arb-UXLINK smart contract, the attacker executed unauthorized token minting and subsequently transferred and sold the assets. UXLINK CEO Rolland Saf stated that several million dollars have been recovered through immediate collaboration with exchanges, and all recovered funds have been allocated to buybacks in support of the community. In addition, significant security enhancements have been made to signing devices, internal processes, and infrastructure to prevent similar incidents from occurring in the future.
Amount of loss: $ 11,000,000 Attack method: Social Engineering
Description of the event: Ramon Recuero, co-founder of Kinto, a modular exchange platform in the Arbitrum ecosystem, tweeted about the recent attack, stating that the hacker exploited a vulnerability on Arbitrum that allowed unlimited minting of K tokens. The attacker minted 110,000 K and launched an attack targeting the Morpho Vault and a Uniswap v4 pool. The incident resulted in approximately $1.55 million in losses (ETH and USDC) and caused significant volatility in the price of the K token.
Amount of loss: $ 1,550,000 Attack method: Contract Vulnerability
Description of the event: On July 9, according to monitoring by MistTrack’s MistEye security system, the well-known decentralized trading platform GMX (@GMX_IO) suffered an attack, resulting in asset losses exceeding $42 million. Analysis indicates that the core of this attack lies in the exploitation of two features: the use of leverage when the Keeper system executes orders, and the update mechanism where the global average price adjusts during shorting operations but does not update when closing short positions. Leveraging these mechanics, the attacker conducted a reentrancy attack to create large short positions, manipulating the global short average price and the size of the global short position. This, in turn, artificially inflated the price of GLP, which the attacker then redeemed for profit. Following negotiation, the attacker returned all stolen funds and received a $5 million bounty.
Amount of loss: $ 42,000,000 Attack method: Contract Vulnerability
Description of the event: On May 16th, Demex's lending market Nitron was exploited, resulting in a loss of $950,559 in user funds. According to Demex's post-incident analysis, the root cause of the exploit was a donation-based oracle manipulation attack targeting the deprecated dGLP vault.
Amount of loss: $ 950,559 Attack method: Price Manipulation
Description of the event: NUMA was attacked on the Arbitrum chain, resulting in a loss of approximately $530,000. The attacker swapped all assets to ETH, bridged them to Ethereum mainnet, and deposited the funds into Tornado Cash.
Amount of loss: $ 530,000 Attack method: Price Manipulation
Description of the event: According to the Moby Post-Mortem Report, on January 8, an attacker took control of the private key used to authorize upgrades to Moby’s core contracts, compromising the protocol. This led to the exposure of 3.77 wBTC, 207.76 wETH, and 1,500,351.5 USDC in the sOLP and mOLP liquidity pools. Of the stolen funds, 1,470,091.74 USDC was recovered with the assistance of the Seal911 team.
Amount of loss: $ 2,500,000 Attack method: Private Key Leakage
Description of the event: The Arbitrum-based liquidity management project Orange Finance suffered an $830,000 asset theft due to a misconfigured multi-sig. The attacker gained ownership of each vault, modified their implementations, and withdrew both the deposited assets and excessively approved funds. About 94% (roughly $780,000) of the total loss came from deposited assets, while the remaining 6% (around $47,000) resulted from excessive approvals.
Amount of loss: $ 830,000 Attack method: Private Key Leakage
Description of the event: The contract of Ramses Exchange on Arbitrum was attacked, resulting in a loss of approximately $93,000.
Amount of loss: $ 93,000 Attack method: Contract Vulnerability
Description of the event: Tapioca DAO experienced a significant security breach, with attackers obtaining relevant private keys through social engineering attacks and stealing approximately $4.7 million in cryptocurrency. On October 25, Tapioca DAO released an incident analysis report stating that the security breach occurred because attackers successfully compromised the private keys of a core contributor responsible for smart contract development. SEAL911 confirmed that the attackers were part of a North Korean hacking group that used a contagious interview attack method to inject malware onto the contributor's computer, thereby gaining access to the private keys of their address to carry out the theft.
Amount of loss: $ 4,700,000 Attack method: Malware Attack
Description of the event: DeFi project DeltaPrime has officially confirmed on platform X that a security incident occurred. DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key.
Amount of loss: $ 5,980,000 Attack method: Private Key Leakage
Description of the event: According to on-chain detective ZachXBT, Sorta Finance is likely to conduct an exit scam on Arbitrum in the future, so do not use the protocol. This scammer has previously stolen over $25 million through scams such as Magnate, Kokomo, Lendora, Solfire, Crolend, and HashDAO.
Amount of loss: - Attack method: Scam
Description of the event: The arbitrum.com website appears to have been hacked and is being redirected to the official website of the Meme project MOG. Please stay vigilant and ensure the safety of your assets.
Amount of loss: - Attack method: DNS Attack
Description of the event: According to monitoring by the SlowMist security team, the MixedSwapRouter on Arbitrum was attacked, resulting in a loss of approximately 293,000 WINR, valued at around $16,000.
Amount of loss: $ 16,000 Attack method: Contract Vulnerability
Description of the event: The decentralized exchange Predy Finance on the Arbitrum chain was attacked, resulting in the loss of $464k worth of crypto assets from its lending pool.
Amount of loss: $ 464,000 Attack method: Contract Vulnerability
Description of the event: A hacker stole approximately $181,000 worth of crypto assets from Yield’s strategic contracts present on the Arbitrum blockchain. The hacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens.
Amount of loss: $ 181,000 Attack method: Contract Vulnerability