Arbitrum Stablecoin Exploit Has Happy Ending: Funds Returned

SperaxUSD team said person associated with exploit is not a hacker, and the action was probably a case of “experimenting”

by Shalini Nagarajan /
article-image

A. Solano/Shutterstock.com modified by Blockworks

share

A yield-automating protocol on Arbitrum was exploited over the weekend in an incident that boosted the hacker’s balance of their US dollar stablecoin Sperax (USDS). 

But in a plot twist, the team said Tuesday all funds had been returned — pointing to a $300,000 USDC transaction — and that Sperax would soon provide a timeline to resume SperaxUSD transfers.

The “hybrid” stablecoin, which first notified its users of the attack on Sunday, published a report late Monday detailing what went down. 

Newsletter

Subscribe to Blockworks Daily

Although in its report SperaxUSD calls the person an “attacker,” the team has said separately in a tweet that the person associated with the address is “not a hacker,” and that it pledged not to  take any action if the funds were returned.

The team said the exploiter took advantage of an internal bug in the USDS token contract to change the balance to 9.7 billion on a multi-sig wallet. 

Before the team could block the contract, the attacker managed to exchange about $309,000 USDs to USDT, USDC and WETH. 

SperaxUSD said that on Dec. 13, it had upgraded the token contract to remedy an issue in the calculation of balances, which caused incompatibilities with DEXes. 

The exploit began with the attacker sending funds to a Gnosis Safe address, a multi-signature smart contract wallet, which triggered a bug in the USDs token contract. That’s how the balance jumped to 9.7 billion tokens.

The attacker then began to sell USDs on Arbitrum, likely 10,000 at a time. Some three hours after the attack, the SperaxUSD team was able to pause the action.

Holders of the USDs token have two types of tokens: rebasing (where supply is adjusted to control price) and non-rebasing. This means that a rebasing holder’s USDs balance increases automatically upon a rebase, which is triggered weekly. 

“Even though all the contracts that we develop go through multiple rounds of reviews and thorough testing, we still missed this edge case. We feel the attacker was just experimenting with the contract since the upgraded code is not published, however he/she did uncover a novel bug, it could have been an even worse situation (if it were planned),” the team said.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates.jpg

Research

Evaluating Bluefin’s Precarious Market Position

Bluefin possibly stands at an inflection point. The token is near an all-time low yet the protocol’s spot volume market share and derivatives exchange usage have been increasing month over month since its November launch. Given its current market position and the upcoming upgrades (for both Bluefin and SUI), there may be upside potential before the increased supply growth in December. However, strong opposition from existing competitors (like Cetus and Suilend), as well as new entrants (like Aftermath), pose key challenges to Bluefin’s medium-term success.

by Marc-Thomas Arjoon, CFA

/

news

article-image

0xResearch NewsletterDeFi

A perp too far: Hyperliquid’s ‘validator put’

A memecoin short squeeze pushed Hyperliquid to the brink — and revealed decentralization limits

by Macauley Peterson /
article-image

The DropWeb3

Sam Altman’s World launches Mini Apps 1.2, lets devs build-to-earn

Tools for Humanity’s Developer Reward pilot program kicks off on April 1

by Kate Irwin /
article-image

AnalysisEmpire Newsletter

HyperLiquid faced a ‘tough situation’: Blockworks Research

Blockworks Research analyst Boccaccio explains the HyperLiquid controversy and why they need to adjust risk and margin

by Katherine Ross /
article-image

BusinessEmpire Newsletter

How memecoins impacted crypto last quarter: Grayscale

What Grayscale’s watching going into the second quarter and why crypto had a rough start to the year

by Katherine Ross /
article-image

Lightspeed NewsletterMarkets

Hyperliquid liquidation contributes to market uncertainty

Sol’s price drop was partially triggered by one of the year’s more chaotic memecoin events

by Jeff Albus /
article-image

FinanceForward Guidance Newsletter

Crypto vibes at the Exchange ETF event: Then and now

Are digital assets just part of “normal” finance conversations now?

by Ben Strack /