**Arbitrum DEX Faces Major Exploit: TMX Protocol Loses $1.4M in Multi-Stage Attack**

Security firm CertiK has identified a critical vulnerability in an unverified smart contract tied to the decentralized exchange TMX, operating on the Arbitrum network. The breach resulted in the loss of approximately $1.4 million in user assets.

**How the Attack Unfolded**

The exploitation reveals a sophisticated multi-step process. The attacker leveraged a recursive exploit pattern involving TMX LP tokens, repeatedly cycling through a series of actions: minting and staking LP positions denominated in USDT, converting USDT into USDG tokens within the protocol, unstaking the positions, and subsequently liquidating the accumulated USDG holdings.

**Assets Drained from the Protocol**

Through this cyclical attack mechanism, the hacker successfully siphoned multiple token types from the contract reserves, including USDT, wrapped SOL (wSOL), and wrapped Ethereum (WETH). The tiered extraction strategy allowed the attacker to exploit price discrepancies and liquidity dynamics within the TMX ecosystem without immediate detection.

**Implications for the Community**

This incident underscores the importance of contract verification and auditing before launch. The unverified status of the compromised contract is a significant red flag that likely contributed to the vulnerability's persistence. Users engaging with decentralized protocols are advised to prioritize verified contracts and review CertiK's security reports as part of their due diligence process.