Lumi Finance Loses $270K in Arbitrum Exploit; Blockaid Flags Sodium Smart Account Flaw

Digital dashboard showing an exploit warning alert and declining financial chart in a server room.

Blockchain security firm Blockaid has flagged an ongoing exploit against Lumi Finance on the Arbitrum network, with estimated losses reaching approximately $270,000. The alert, issued on July 13, 2026, points to a vulnerability linked to the Sodium smart account system.

Security firm Blockaid detected an exploit on Lumi Finance, a protocol on the Arbitrum network, resulting in losses of approximately $270,000. The attack is linked to a vulnerability in the Sodium smart account system, where attackers used a malicious Paymaster to gain token approvals. Users are advised to monitor official channels and review their own account approvals.

Blockaid stated that its exploit detection system identified the incident as ongoing, meaning further losses could still occur. The firm reported that funds had already been drained by the time the public alert was released. The report from Wu Blockchain corroborated the findings, noting that the attack path involved token approvals during a UserOp (user operation) verification process.

Also read: CLARITY Act Update: Did JPMorgan Actually Back the Crypto Market Structure Bill?

Attack Path Points to Malicious Paymaster

According to the preliminary analysis shared by Blockaid and translated by Wu Blockchain, the exploit exploited a flaw in how the Sodium smart account handles token approvals. In decentralized finance (DeFi), a token approval allows a separate contract to move tokens from a user’s wallet. In this case, the approval was allegedly executed during the UserOp verification step, a process designed to validate transactions before they are finalized on the blockchain.

The attackers reportedly used a malicious Paymaster to allow the exploit. A Paymaster is a component in account abstraction systems that can sponsor transaction fees or enforce custom rules. In this scenario, the malicious Paymaster was used to gain unauthorized approvals from multiple accounts, enabling the transfer of funds.

Also read: South Korea Crypto Exchange Volume Drops Below KRW 10 Trillion, Lowest Since 2023

Context and User Guidance

The incident underscores ongoing security challenges in the DeFi space, particularly around smart account architectures. While smart accounts offer enhanced user experience and flexibility, their logic requires rigorous auditing. The exploit on Lumi Finance adds to a list of attacks that have targeted account abstraction implementations.

As of the time of reporting, Lumi Finance had not released a detailed public statement regarding the incident. Security best practices in the wake of such events often include users reviewing their token approvals. Tools like Etherscan’s token approval checker or dedicated security dashboards can help users identify and revoke permissions to potentially compromised contracts.

The final loss amount and the full technical details of the attack path are expected to be clarified in subsequent updates from security teams and the Lumi Finance project itself.

Frequently Asked Questions

What happened to Lumi Finance?

Lumi Finance suffered a suspected exploit on the Arbitrum network, with security firm Blockaid reporting approximately $270,000 in funds drained. The incident is linked to a vulnerability in the Sodium smart account system.

What is the Sodium smart account vulnerability?

The vulnerability involves token approvals being executed during a UserOp verification process. Attackers used a malicious Paymaster to gain approvals from multiple accounts, allowing them to transfer funds.

What should Lumi Finance users do?

Users should wait for an official statement from Lumi Finance. As a precaution, they can review and revoke risky token approvals using trusted security tools to reduce exposure if the contract remains compromised.

Who reported the Lumi Finance exploit?

The exploit was first flagged by blockchain security firm Blockaid, which said its exploit detection system identified the ongoing incident. Wu Blockchain later provided a translated update on the preliminary findings.

Zoi Dimitriou

Written by

Zoi Dimitriou

Zoi Dimitriou is a cryptocurrency analyst and senior writer at CryptoNewsInsights, specializing in DeFi protocol analysis, Ethereum ecosystem developments, and cross-chain bridge security. With seven years of experience in blockchain journalism and a background in applied mathematics, Zoi combines technical depth with accessible writing to help readers understand complex decentralized finance concepts. She covers yield farming strategies, liquidity pool dynamics, governance token economics, and smart contract audit findings with a focus on risk assessment and investor education.

Leave a Reply

Your email address will not be published. Required fields are marked *