Suspicious Transactions on Arbitrum Network Lead to $1.5M Loss

Cyvers Alerts reports a suspected deployer compromise on Arbitrum, enabling attackers to alter ProxyAdmin settings for USDGambit and TLP projects before moving stolen funds through Tornado Cash.

Summary

Cyvers Alerts detected proxy-related transactions on Arbitrum causing about $1.5 million in losses. Preliminary findings indicate the single deployer for USDGambit and TLP lost account access, allowing attackers to update ProxyAdmin controls and take over affected contracts. The stolen funds were transferred to Ethereum and funneled through Tornado Cash.

Terms & Concepts
  • Proxy contract: A smart contract pattern that forwards calls to an implementation contract for upgradeability; weak admin controls can allow malicious upgrades.
  • ProxyAdmin: An administrative control for upgradeable proxies that can change the implementation or permissions; compromise enables attackers to alter contract behavior.
  • Tornado Cash: A privacy-focused mixer on Ethereum that obscures transaction trails by pooling deposits and withdrawals, often used to launder stolen funds.
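
Since the takeover described above worked by changing ProxyAdmin controls, one defensive check is to watch upgradeable contracts for control-change events that point at addresses outside an allowlist. The sketch below is an added example, not code from Cyvers or the affected projects. It assumes OpenZeppelin-style proxies that emit the EIP-1967 Upgraded and AdminChanged events and an Ownable ProxyAdmin. All addresses, transaction hashes and the allowlist are constructed.

```python
# topic0 values: EIP-1967 proxy events and OpenZeppelin Ownable (used by ProxyAdmin).
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
ADMIN_CHANGED = "0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f"
OWNERSHIP_TRANSFERRED = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b1186f6b6457e0"

def _addr(word):
    """Address held in the last 20 bytes of an ABI-encoded hex word."""
    return "0x" + word[-40:].lower()

def decode_control_change(log):
    """Return (kind, new_controller) for an upgrade/admin/owner event, else None."""
    topics, data = log["topics"], log["data"]
    t0 = topics[0].lower() if topics else ""
    if t0 == UPGRADED and len(topics) == 2:
        return "implementation", _addr(topics[1])
    if t0 == ADMIN_CHANGED and len(data) == 130:  # 0x + previousAdmin + newAdmin
        return "proxy_admin", _addr(data)
    if t0 == OWNERSHIP_TRANSFERRED and len(topics) == 3:
        return "owner", _addr(topics[2])
    return None

def unapproved_changes(logs, watched, approved):
    """Alert when a watched contract hands control to a non-allowlisted address."""
    alerts = []
    for log in logs:
        emitter, change = log["address"].lower(), decode_control_change(log)
        if emitter in watched and change and change[1] not in approved:
            alerts.append((log["transactionHash"], emitter, *change))
    return alerts

# Constructed sample data (not addresses or transactions from the incident).
PROXY, PROXY_ADMIN, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
GOOD_IMPL, MULTISIG, UNKNOWN = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "ee" * 20
word = lambda a: "0x" + "00" * 12 + a[2:]  # left-pad an address to 32 bytes
SAMPLE_LOGS = [
    {"address": PROXY, "topics": [UPGRADED, word(GOOD_IMPL)], "data": "0x", "transactionHash": "0x01"},
    {"address": PROXY_ADMIN, "topics": [OWNERSHIP_TRANSFERRED, word(MULTISIG), word(UNKNOWN)],
     "data": "0x", "transactionHash": "0x02"},
    {"address": PROXY, "topics": [UPGRADED, word(UNKNOWN)], "data": "0x", "transactionHash": "0x03"},
    {"address": PROXY, "topics": [ADMIN_CHANGED],
     "data": "0x" + word(PROXY_ADMIN)[2:] + word(UNKNOWN)[2:], "transactionHash": "0x04"},
    {"address": OTHER, "topics": [UPGRADED, word(UNKNOWN)], "data": "0x", "transactionHash": "0x05"},
]
WATCHED = {PROXY, PROXY_ADMIN}
APPROVED = {GOOD_IMPL, MULTISIG, PROXY_ADMIN}

if __name__ == "__main__":
    for alert in unapproved_changes(SAMPLE_LOGS, WATCHED, APPROVED):
        print(alert)
```

The log dictionaries follow the field names returned by the `eth_getLogs` JSON-RPC method, so the same functions can be fed real logs once the watched and approved sets are filled in for a deployment.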