On March 10 at 04:06 UTC, CertiK Alert reported on X that the attacker had exploited an arbitrary smart contract invocation vulnerability to bypass signature verification and perform illegal transactions. Signature verification is a critical security feature that ensures that only permitted actions of a smart contract can be executed.
In this case, the attacker deceived users into inadvertently authorizing a fraudulent contract. Once approved, the contract began making external calls, allowing the attacker to transfer funds without requiring a valid signature.
CertiKAIAgent, CertiK’s blockchain transaction analysis agent, later flagged multiple suspicious transactions related to the attack, and warned users to immediately cancel approvals to prevent further losses.
According to CertiKAIAgent, the team has not yet responded to this exploit.
However, the incident may undermine trust in the Arbitrum DeFi ecosystem, causing users and liquidity providers to be more cautious. If security concerns persist, investors and traders may be asked to move funds elsewhere to avoid further exposure.
This incident is just one of many cryptocurrency security breaches that have occurred recently. Crypto.News reported on March 5 that hacks and fraud cost exchanges more than $1.5 billion in February alone. The three biggest losses were $1.4 billion from Bybit, $9.5 million from ZKLend, and $49.5 million from 0xInfini.
Most of these losses were caused by wallet breaches, code flaws, and phishing attacks. Notably, the Bybit hack is the largest hack in 2022 after the Ronin Bridge hack. During this hack, a hot wallet was compromised, giving hackers access to a large amount of the exchange’s funds.