"Suspicious Transactions Spotted on Arbitrum Network… Signs of Roughly $1.5 Million Stolen by Abusing Proxy Contracts"
공유하기
Summary
- It said signs were confirmed that suspicious transactions exploiting proxy contracts on the Arbitrum network led to losses of about $1.5 million.
- Cyvers Alert said its analysis indicates the operator account for USDGambit and the TLP project was exposed, allowing an attacker to change ProxyAdmin privileges and take control of existing proxy contracts.
- The stolen funds were moved from the Arbitrum network to the Ethereum network and deposited into Tornado Cash; it stressed the importance of administrator privilege management in proxy architectures and urged heightened caution from project operators and infrastructure providers.
Suspicious transactions believed to have exploited proxy contracts were spotted on the Arbitrum network, with indications confirming losses of about $1.5 million.
On the 5th, blockchain security firm Cyvers Alert said via X (formerly Twitter) that it had "detected multiple suspicious transactions related to proxy contracts on the Arbitrum network" and that "the estimated damage so far is about $1.5 million."
According to Cyvers Alert’s initial analysis, an operator account that single-handedly deployed and managed the USDGambit and TLP projects is believed to have been exposed externally. The attacker who obtained this account reportedly deployed a new contract and then changed the administrator privileges (ProxyAdmin) to be under their control, thereby taking control of the existing proxy contracts.
The funds siphoned off in the process were moved from the Arbitrum network to the Ethereum network and then deposited into Tornado Cash, a privacy mixer used to obscure fund flows.
Cyvers Alert said, "This case once again shows how critical administrator privilege management is in proxy architectures," adding that "special caution is needed from project operators and infrastructure providers to prevent similar security incidents."
