Decentralized finance (DeFi) platform Mozaic Finance has suffered a security breach, resulting in a loss of $2.4 million.
The heist was traced back to a breach of private key infrastructure and highlights growing security concerns within the global DeFi ecosystem.
The breach, which caused losses of $2.4 million, targeted Mozaic on the Arbitrum chain, a layer 2 scaling solution for Ethereum (ETH) designed to enhance scalability and efficiency.
According to CertiK, the breach occurred through a targeted compromise of private keys, a critical security element in blockchain systems.
By exploiting this vulnerability, attackers fraudulently executed transactions via the “bridgeViaLifi” contract, which is typically restricted to developer wallets.
Analysis of blockchain data revealed that an account with the suffix “50eb” initiated malicious activity that resulted in 27 token transfers, each involving a large amount of stablecoin.
Importantly, a significant portion of these funds was traced back to the original accounts, resulting in cumulative losses in excess of $2 million. This event serves as a stark reminder of the resourcefulness and tenacity of attackers focused on the DeFi sector.
After the attack, Mozaic Finance issued a statement that admitted the breach and detailed its immediate actions.
They revealed that all stolen funds were transferred to MEXC, a centralized cryptocurrency exchange, offering a glimmer of hope for asset recovery.
Confident in the legal procedures and centralized exchange mechanisms to deal with such incidents, they hinted at potential avenues to recover stolen funds.
Mozaic Finance's proactive stance, along with its cooperation with security experts and law enforcement agencies, sets a precedent for DeFi platforms when dealing with security breaches.
This highlights the need for swift action and transparency to reduce the impact of such attacks on users and stakeholders.
Cryptocurrency heist, private key vulnerability
Recent cybersecurity incidents in the DeFi space highlight the critical importance of protecting private keys to prevent unauthorized access and siphoning of funds.
Cybercriminals continue to target DeFi platforms, exploiting vulnerabilities to compromise security protocols and conduct sophisticated attacks.
Private key compromise has also emerged as a significant threat, with attackers using a variety of tactics to gain access to users' passcodes and then exfiltrate funds from platforms such as PlayDapp and Unizen.
The recent PlayDapp breach totaled over $290 million, making it one of the largest hacks in cryptocurrency history. This attack involved the unauthorized addition of PLA tokens to minting addresses, leading to significant losses.
Despite attempts to negotiate with hackers to suspend smart contracts, attackers continued to exploit the vulnerabilities, mint additional tokens, and launder funds through exchanges such as Paribu and HTX.
PlayDapp's response included a proposed transition plan that would introduce a new “PDA” token with enhanced security features such as multi-signature implementation.
On March 11th, another DeFi protocol, Unizen, was also hacked, resulting in a loss of approximately $2 million. The breach exposed a critical “external call vulnerability” in one of Unizen's smart contracts, allowing unauthorized access and theft of funds.
To deal with the aftermath, Unizen CEO Sean Noga pledged to cover 99% of the losses of affected users with personal funds, demonstrating his commitment to compensation and to strengthening the platform's security.