Lumi Finance loses about $270K in an Arbitrum exploit as Blockaid links the attack to Sodium smart account approvals.
Lumi Finance is facing a suspected exploit on Arbitrum after security firm Blockaid detected abnormal activity. Current losses are estimated at about $270,000.
Blockaid said its exploit detection system identified an ongoing incident linked to the Lumi Finance protocol. The firm said funds had already been drained when it issued the alert.
Wu Blockchain also reported the incident, citing Blockaid’s early analysis of the attack path. The report said the issue appears connected to the Sodium smart account.
The case involves token approvals during a UserOp verification process. Attackers allegedly used a malicious Paymaster to gain approvals from several accounts.
Exploit Detected on Arbitrum
Blockaid reported that the suspected attack affected Lumi Finance on Arbitrum. Arbitrum is a Layer 2 network built to process Ethereum transactions more cheaply. The reported loss stood near $270,000 at the time of the alert.
🚨Blockaid’s exploit detection system has identified an ongoing exploit related to @Lumi_Finance protcol on Arb.
~$270k drained so far.
More details in 🧵— Blockaid (@blockaid_) July 13, 2026
The firm said the exploit detection system flagged the incident as ongoing. That means the situation may still require monitoring by users and security teams. No final loss figure had been confirmed in the provided reports.
Wu Blockchain later shared a translated update on the same incident. The account said preliminary findings pointed to a smart account issue. It also named Sodium as the account system linked to the suspected flaw.
Sodium Smart Account Issue Cited
The early analysis said the vulnerability involved token approvals during UserOp verification. A UserOp is a user operation used in account-based transaction systems. It helps smart accounts process actions before they reach final execution.
安全公司 Blockaid 表示,其检测到 Arbitrum 上 Lumi Finance 协议正在遭受攻击,目前损失约 27 万美元。初步分析显示,漏洞与 Sodium 智能账户有关,其在 UserOp 验证过程中执行代币授权,导致攻击者可通过恶意 Paymaster 获取多个账户授权并转移资金。https://t.co/lYLQt0E2OJ
— 吴说区块链 (@wublockchain12) July 13, 2026
Token approval allows another contract to move tokens from a wallet. This is common in DeFi, but unsafe approval logic can create risk. In this case, approvals were allegedly granted during the verification process.
The reports said attackers used a malicious Paymaster in the exploit. A Paymaster can help pay transaction costs or manage transaction rules. Here, the malicious setup allegedly helped attackers receive approvals and transfer funds.
Read also: Humanity Protocol Confirms $36M Exploit After Employee Laptop Breach, H Token Crashes 90%
Users Await Further Confirmation
The incident remains based on early findings from Blockaid and related market reports.
Lumi Finance had not been quoted with a detailed response in the provided information. Users may wait for direct updates from the project before taking further action.
Security teams often advise users to review approvals after DeFi incidents. Removing risky approvals can reduce exposure if a contract remains unsafe. However, users should rely on trusted tools and official guidance.
The case adds to ongoing concerns around smart account security in DeFi. Smart accounts can improve user experience, but their logic must be carefully tested. Further updates may clarify the full loss amount and the exact attack route.





Be the first to comment