2026-01-05 10:20:37

The Arbitrum ecosystem recently experienced a contract security incident. The security monitoring team discovered a series of suspicious proxy contract operations on the ARB network, involving approximately $1.5 million.

The incident was triggered when the deployer accounts of the USDGambit and TLP projects were accessed abnormally. The attacker then used this as a foothold to deploy malicious contracts on the network. Even more severely, they modified the permissions of ProxyAdmin, successfully taking control of the proxy contracts.

The stolen funds did not stay on the Arbitrum network but were transferred to Ethereum via cross-chain bridges. Ultimately, the money was sent to a mixing pool, effectively laundering it. This incident serves as a reminder to all project teams — the security management of proxy contracts and the safekeeping of private keys, which may seem basic, are critical. Once compromised, the consequences can be truly severe.

ARB10,85%

ETH6,77%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

6 Likes

Reward
6
7
Repost
Share

Comment

0/400

GasWhisperer

· 01-07 18:03

proxy admin perms went sideways again... watching the mempool patterns, this is predictable chaos tbh. same old song—150k USD just evaporated into the eth mixer. wonder how long before we see the fee arbitrage opportunities spike from recovery attempts

Reply0

DAOdreamer

· 01-06 03:24

Once again, the private key management issue arises. When will these project teams learn their lesson? --- $1.5 million is gone just like that; the mixing pool was washed out, it's really outrageous. --- The threshold for proxy contracts is so low that they can be attacked, which shows that project security awareness definitely needs to be improved. --- Cross-chain bridging has become an escape route; it feels like this entire process has been thoroughly understood. --- I've heard of the USDGambit projects before, and they got hacked just like that? That's a bit embarrassing. --- If basic security isn't done well, why are they still raising funds and going live? It's truly baffling. --- ProxyAdmin permissions were changed... this is a typical case of the foundational defense line completely collapsing.

View OriginalReply0

unrekt.eth

· 01-05 16:20

150万美元就这么飘了，ProxyAdmin权限都能被改？Arbitrum这安全漏洞得补一补啊又是私钥问题，这些项目方什么时候才能长点心跨链桥一用资金就没了，mixer一转就永别，这操作我看过太多次了基础安全做不好还敢发币，离谱智能合约审计真的得狠抓，不然下一个就是你的rug Web3就这样，今天是他的钱，明天就不知道是谁的了 ProxyAdmin被夺控这种低级失误竟然还在发生，得了混币池最绝，完美洗白，追踪难度直接拉满这就是为什么我从不把大头放在某条链上，分散风险才是王道又一起，每周都有新花样，麻了

Reply0

NFT_Therapy_Group

· 01-05 10:50

Another 1.5 million gone, I'm truly speechless. Private keys really must be treated as life itself, not just a joke. Once ProxyAdmin permissions are taken away, it's all over. This lesson is deeply learned. Cross-chain coin washing tricks are really hard to guard against. Basic security management is ironically the easiest to overlook.

View OriginalReply0

PessimisticLayer

· 01-05 10:50

It's the proxy contract causing trouble again. These project teams really need to be more cautious. Storing private keys like decorations, and $1.5 million just disappeared like that. Once you put funds into the mixing pool, they are basically washed clean. That's the most disgusting part. The Arbitrum ecosystem is once again shrouded in doubt. Who would still dare to interact with confidence?

View OriginalReply0

AirdropHunter

· 01-05 10:47

It's the same old proxy contract setup, and this time Arbitrum got the short end of the stick... $1.5 million just disappeared without a trace, really hard to hold back Reinforcing private key management is never too much, many project teams are still operating without proper security Cross-chain coin washing methods are all played out, liquidity pools are always the final financial refuge The basics are often the most critical, this lesson is deeply learned ProxyAdmin permissions were changed... what a ridiculous operational process

View OriginalReply0

LightningWallet

· 01-05 10:27

Once again, private key management failure. When will this routine learn its lesson? ProxyAdmin permissions were so casually changed? Luckily, it's only 1.5 million. Cross-chain transfer of ETH and mixing coins, this set of operations is truly top-notch. It's still better to set up a multi-signature wallet yourself. Don't trust any single point of management.

View OriginalReply0