SlowMist|Jul 13, 2026 14:07
🚨SlowMist TI Alert🚨
💸 @Lumi_Finance Loss: ~ $264k
🔍 Root Cause: A vulnerability in Lumi smart accounts allowed token approvals to be performed as a side effect during UserOperation validation. Due to improper validation logic, an attacker-controlled paymaster could trigger approval operations during the validation phase and obtain ERC20 allowances from multiple smart accounts without explicit user intent.
📌 Attacker: 0xce1a3bb0b98d0d90c7dd0620ab86c9a771888d88
📌 Victim: Multiple Lumi smart accounts affected by unintended token approvals during UserOp validation
📌 Malicious contract: 0x56362412ae17cac443aafbab4289946ad958e8a1
The attacker abused a flaw in Lumi smart account UserOperation validation logic to obtain token allowances from multiple wallets through validation-time side effects. The attacker then used the malicious sweeping contract to batch drain approved ERC20 tokens, swapped the stolen assets into ETH, and transferred the proceeds to the attacker-controlled address.
Powered by #SlowMist.AI
Tx:
https://arbiscan.io/tx/0x630654fb1c8914405cf81bb02f091b049f19403a152f624f7b8a00c7724c6604
https://arbiscan.io/tx/0x020995ec0b5daafe8fab481e33b1b52fdbd6423578060a1f73fd2a9b9fb0ea90(SlowMist)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink