Blockchain security firm Blockaid flagged an active smart contract exploit draining $132,700 from ShapeShift’s FOX Colony on Arbitrum.
Summary
- The attacker targeted the executeMetaTransaction function in FOX Colony’s contracts, using a delegate call to redirect funds to a malicious contract.
- A second related exploit drained an additional $50,000 shortly after the initial attack, bringing total losses to approximately $182,700.
- Blockaid warned every Colony Network deployment exposing executeMetaTransaction on top of EtherRouter, across any chain, may face the same vector.
Blockaid flagged the incident on X on May 13, identifying the attacker wallet at 0xeed236Afb6967f74099a0a6bf078BC6b865fbf28. FOX Colony is ShapeShift’s community governance and participation programme, allowing FOX token holders to stake, vote, and engage in ecosystem activities through Colony Network contracts on Arbitrum.
According to Blockaid’s analysis, the vulnerability sits in the executeMetaTransaction function. The attacker meta-signed a targeted transaction, repointed the colony’s resolver to a malicious contract, and then used a delegate call to drain the funds.
Because any external address can call the affected registration function without permission modifiers, the flaw is effectively equivalent to making a copy of the protocol’s key available to any attacker who finds it.
Why other Colony Network protocols remain at risk
Blockaid alerted the broader DeFi community that every Colony Network colony exposing executeMetaTransaction on top of EtherRouter, across any chain, shares the same potential attack surface. ShapeShift had not issued a public statement on the exploit at the time of writing.
The warning continues a difficult run for DeFi security in 2026. Blockaid previously flagged a $5 million exploit on Wasabi Protocol across Ethereum and Base in April, where a compromised admin key was used to drain multiple vault contracts.
Earlier in May, Blockaid identified a $6.7 million exploit on TrustedVolumes, a DeFi liquidity provider serving 1inch and other aggregators. April 2026 logged the worst month for DeFi exploits on record, with approximately $625 million drained across 28 separate incidents.
The firm also warned CoW Swap users in April of a frontend hijack where attackers compromised the project’s site to serve malicious transaction prompts. Blockaid screens over 500 million blockchain transactions per month and provides security infrastructure to Coinbase, MetaMask, Uniswap, and OKX.
crypto.news
#Blockaid #warns #active #smart #contract #exploit
