TMX Platform Faces $1.4 Million Loss Due to Smart Contract Vulnerability

Decentralized trading platform TMX was hacked by cybercriminals, resulting in a significant loss estimated at around $1.4 million USD. CertiK’s security team, a trusted auditing and security firm, discovered an unauthorized smart contract linked to the TMX platform that was targeted on the Arbitrum chain.

CertiK Report Explains Attack Mechanism on Arbitrum Network

According to ChainCatcher messages relayed from CertiK’s monitoring, the attackers exploited a specific vulnerability in the smart contract infrastructure. The targeted contract operates directly on the Arbitrum network, one of the popular scaling solutions on blockchain. A comprehensive analysis by CertiK experts revealed the nature of the breach and the steps taken by the hackers to access the protected assets.

Technical Details of Asset Drain from TMX Platform

The hackers executed a series of coordinated, repeated operations aimed at extracting assets from the contract’s treasury. Their strategy involved multiple steps, including repeated minting, depositing liquidity into the TMX/USDT liquidity pool, converting USDT to USDG, then withdrawing liquidity and selling additional USDG. This cycle was repeated multiple times, allowing the attackers to successfully access various stored assets, including USDT and trusted cryptocurrencies like Wrapped SOL and WETH.

Lessons Learned for DeFi Platform Security

This incident highlights the importance of comprehensive security audits of smart contracts before deployment on blockchain networks. Platforms like TMX and other decentralized exchanges need to strengthen verification and protection mechanisms to prevent such attacks. It also underscores the necessity of ongoing monitoring by specialized security firms like CertiK to detect potential threats in a timely manner.