Incident Report: TMXTribe Vulnerability Analysis
Source: ShieldGuard Research / On-Chain Data
Executive Summary
ShieldGuard analysts are tracking an active exploit involving the TMXTribe protocol on the Arbitrum network. On-chain data indicates a Business Logic Flaw is currently being exploited to deplete liquidity pools.
Current Status:
- Confirmed Losses: ~$1.4M (Estimated)
- Risk Level: Critical (Do Not Interact)
The Exploit Mechanism
Preliminary review of the transaction logs suggests the following attack loop:
- Mint & Stake: Actor deposits USDT to mint LP tokens.
- Internal Swap: Actor swaps underlying assets (USDT → USDG).
- Logic Failure: The protocol fails to update the user’s balance post-swap, allowing the attacker to “Unstake” the original value despite the swap.
- Result: The pool is drained of both assets.
ShieldGuard Advisory
We advise the community to treat this protocol as Compromised.
- Immediate Action: Use a Revoke tool to remove allowances for TMXTribe contracts.
- Risk Mitigation: Avoid interacting with any “Compensation” links shared on social media, as these are likely secondary phishing attempts.
