A suspicious attack has been detected involving Ambient Finance on Ethereum, resulting in an approximately $110.6K loss. Security firm TenArmorAlert detected the incident after spotting unusual activity tied to the protocol on-chain.
The attack targeted Ambient Finance, a decentralized exchange that runs through a single smart contract. That setup appears to have exposed a weakness that allowed funds to move across multiple DeFi systems. The incident highlights how quickly attackers can take advantage of gaps in smart contract design before teams can react.
TenArmorAlert disclosed the incident in a post on X, stating: “Our system has detected a suspicious attack involving Ambient Finance on ETH, resulting in an approximately loss of $110.6K.”
Early blockchain data shows the attacker moved funds through several DeFi protocols shortly after the exploit. Transaction records reveal that the activity started with a transfer of 50 ETH, worth roughly $84,000, into a newly created smart contract. Soon afterwards, the funds entered Ambient Finance, where the attacker appears to have executed the exploit.
Funds moved across multiple protocols
Etherscan data shows the contract later received about 83.72 ETH, worth roughly $140,700, from Ambient Finance. That amount exceeded the initial deposit, meaning the attacker walked away with a higher balance after the exploit. The funds then moved into Wrapped Ether, which converts ETH into a token format used across DeFi systems.
After that, the attacker broke the funds into smaller transactions. One portion went into another smart contract. Another portion moved through Uniswap V4, a major decentralized exchange. The movement across multiple routes suggests the attacker was shifting and reorganizing the assets across different platforms rather than keeping them in one place.
Blockchain data also shows interaction with Titan Builder, a transaction execution service used by advanced traders and automated systems. This routing suggests the attacker optimized transaction execution after the exploit and attempted to manage fund flow across multiple DeFi routes.
Ambient’s growth reversed before the attack
The incident comes at a challenging time for Ambient Finance. The protocol, formerly known as CrocSwap, describes itself as a “Zero-to-One Decentralized Trading Protocol.” It runs all trading activity through a single smart contract instead of multiple systems.
DefiLlama data shows Ambient currently holds about $1.88 million in total value locked. Annualized fees stand near $376,000, while reported revenue remains at zero. The protocol also recorded about $1.95 million in trading volume over the past 30 days.
In the past, Ambient had significantly greater liquidity. For example, in 2024, liquidity on Ambient increased dramatically from a range of $120 million to $130 million because trading activities became more frequent. But starting towards the end of 2024, all that liquidity started to dwindle. By 2026, liquidity fell below $2 million.
This new exploit is another addition to many security attacks in DeFi throughout the year. Back in January 2026, some attackers hacked into SwapNet and Aperture Finance contracts and stole more than $17 million. Another recent loss was suffered by Wasabi Protocol, where attackers accessed one of their administrative keys and took more than $5 million.
While Ambient was designed to be efficient and low-cost due to the use of a single contract, the most recent attack has proved that such design could also prove risky.
Also Read: Syscoin Halts Bridge After Exploit Mints 5 Billion SYS Tokens