Lumi Finance Attacked, Losing Approximately $270,000

By: rootdata|2026/07/14 08:33:00

Lumi Finance was attacked on July 13, resulting in a loss of approximately $270,000. The vulnerability originated from the validateUserOp function in the Sodium smart account contract (ERC-4337) on Arbitrum, which contained a logical flaw when calling _validateSignature to verify signatures. The attacker passed their address as the signer parameter, causing ECDSA.tryRecover to fail without reverting, and instead called the isValidSignature function in the attack contract, successfully passing the verification. The attacker exploited this vulnerability to execute a Token approve operation during the UserOperation verification, obtaining approval to access ERC20 tokens from multiple smart accounts without the payer's consent.

-- Price

--

Disclaimer: This content is provided for general branding and informational purposes only and doesn't constitute financial, investment, legal, or tax advice. Any events, rewards, online events, or related information mentioned herein should not be considered a recommendation, solicitation, or invitation to purchase, sell, trade, or otherwise deal in any crypto assets or to use any services. Crypto assets are highly volatile and may result in loss. WEEX services and online events may not be available in all regions and are subject to applicable laws, regulations, and eligibility requirements. You are responsible for ensuring that your use of WEEX services complies with local laws and for carefully assessing the risks before participating in any crypto-related activities.

You may also like

iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com