Key Highlights
- Arbitrum lost $1.5M as attackers exploited a smart contract flaw, showing risks of poor access controls in decentralized finance platforms.
- The breach followed a precise, coordinated attack, draining USDT and USDG, highlighting how fast hackers can move once contracts are compromised.
- Blockchain users face growing threats from malware and social engineering, including fake Zooms and stolen Telegram accounts.
Arbitrum has faced a security scare as $1.5 million in digital assets vanished through a proxy contract exploit. The attack involved sophisticated manipulation of smart contract controls.
According to Cyvers Alerts, the attacker gained control of the Upgradeable Proxy contract tied to the USDGambit and TLP projects. Once access was secured, funds quickly moved to Ethereum and deposited to Tornado Cash.
Details of the transaction show the breach was part of a structured sequence where the attacker took control and moved the funds almost immediately. One of the central addresses suffered losses of about $667,000 in USDT.
How the attack unfolded
Cyvers Alerts depicts abnormal behavior of the contract, unusual funding patterns, and suspicious receiving addresses. These together suggest that the activity deviated sharply from normal usage. Once the attacker had manipulated contract access, there were two main addresses: the victim and the perpetrator. The rapid movements of funds by the attacker mirror patterns seen in prior exploits of smart contracts, showing that thorough planning and execution occurred.
This is not the first incident that the network of Arbitrum has witnessed. Back in July last year, a decentralized exchange platform known as WOOFi lost a total of 8.75 million in a flash loan attack on its lending market. The attackers justified the exploitation of the prices of the WOOFi token by taking out a loan of 7.7 million WOO. This incident showed the existence of certain weaknesses in the algorithm of the prices of the token.
Moreover, the Arbitrum network experienced technical issues with its sequencer in December of 2023. There was too much traffic on the network, which resulted in delays in transactions, canceled public gatherings, and apprehensions among the community members. Similar circumstances also emerged in June of 2023.
Broader threat landscape
This exploit is part of a rising trend of cybercrimes in crypto. In November 2025, Kaspersky reported a Windows-based malware campaign named Stealka, which disguised itself as game cheats and pirated software to steal digital wallets, primarily affecting younger users. North Korean hackers have also intensified attacks, creating fake Zoom and Teams meetings to steal cryptocurrencies and sensitive information.
Also Read: StarkNet Faces Network Outage Amid Surging Stablecoin Growth
