Losses reach $1.5M as attackers access two DeFi smart contracts on Arbitrum

On-chain research noted outflows from two Arbitrum-based projects. An attacker managed to gain access to two projects, launching a malicious smart contract. Two Arbitrum projects launched by the same deployer suffered unauthorized withdrawals for an estimated $1.5M. The attacker managed to gain admin access, replacing smart contracts with malicious versions. Cyvers Alert noted multiple suspicious transactions on Arbitrum, still one of the most active Ethereum-compatible L2 networks. Preliminary research showed the deployer of USDGambit and TLP projects may have lost access to their account. This allowed the attacker to launch a new contract with ProxyAdmin permissions, controlling both DeFi projects. The stolen funds were bridged back to Ethereum and mixed. Arbitrum attack follows similar small-scale smart contract exploits The recent attack extends the trend of relatively sophisticated and targeted attacks against smaller protocols. Crypto hacks slowed down in the past year, but DeFi and individual wallets, as well as smart...

https://www.cryptopolitan.com/arbitrum-projects-smart-contract-attacks/