TMX DEX contract on Arbitrum hacked: $1.4 million lost, attacker cleverly exploits minting-staking-exchange cycle

【Crypto World】A serious security incident has occurred on the Arbitrum network. According to CertiK’s monitoring data, an unaudited contract associated with the decentralized exchange TMX was hacked, resulting in approximately $1.4 million in losses.

The hacker’s tactics were not particularly complicated, but they were executed very cleverly. The attacker repeatedly performed one set of actions: first minting TMX LP tokens, then staking them to exchange for USDT and other assets, then converting USDT into the USDG stablecoin, and finally unstaking and selling large amounts of USDG. Over multiple cycles, the hacker successfully drained USDT, wrapped SOL, and WETH from the contract little by little.

This incident serves as a reminder of how risky unverified DeFi contracts can be. Before participating in any liquidity mining or staking projects, always ensure that the contract has undergone professional security audits.

MechanicalMartelvip
· 01-08 17:14
It's the unverified contract causing trouble again—1.4 million lost. The combo of minting, staking, and swapping is truly unbeatable.
LiquidityWizardvip
· 01-08 06:10
honestly, the mint-stake-swap loop is just... *statistically speaking*, a pretty textbook extraction mechanism once you map out the liquidity flows. 1.4M gone because nobody bothered auditing? ngl that's negligent, but also kinda predictable given how many unaudited contracts are just floating around rn
RugDocDetectivevip
· 01-06 03:09
It's another case of an unaudited contract causing trouble. This minting-staking-exchange cycle is essentially infinite money printing. TMX is really in trouble this time.
MetaverseLandlordvip
· 01-06 03:09
Once again, an unverified contract causing trouble. How many times has it been 1.4 million now? Truly unbelievable.

---

TMX's minting-staking-exchange process is really straightforward and brutal. Hackers have exploited the vulnerabilities thoroughly.

---

No way, here we go again. Arbitrum needs to investigate how many more hidden issues there are.

---

The USDG to USDT cycle... It seems the contract design never considered someone would play like this.

---

Watching hackers repeatedly siphon funds, I just want to ask: where did the audits go? Still daring to launch without verification?
BrokenRugsvip
· 01-06 03:00
Once again, it's the unverified contract causing trouble. These project teams really need to be more cautious.

---

Minting - Staking - Exchange cycle, in simple terms, it's just the old trick of repeatedly scamming users. I find it embarrassing to even prevent this.

---

1.4 million gone, just blatantly swept off the chain, it's ridiculous.

---

I knew that the Arbitrum ecosystem projects are a mixed bag, and sure enough, another one has appeared.

---

TMX got away this time, but to be honest, I've seen this kind of vulnerability several times before.
OldLeekMastervip
· 01-06 02:55
Another unverified contract, these projects really need to be more cautious

---

Mint - Stake - Exchange, cycle and cut, this method is almost a template now

---

140,000 just gone like that, it’s painful to watch

---

Launching without an audit, no wonder it gets hacked. Remember this lesson next time

---

This trick is basically just a way to get something for nothing, with a lot of contract design flaws

---

Arbitrum security really needs to be rectified, hackers are too rampant

---

USDT converted to USDG for cash-out, quite thoughtful, but the contract gave the opportunity

---

Another painful lesson, how many projects dare to skip audits and go live