Mozaic Finance, a decentralized finance (defi) platform, suffered a loss of $2.4 million due to a security breach.
The heist, which was traced to a compromise of private key infrastructure, highlights growing concerns about security within the global DeFi ecosystem.
The breach, which resulted in $2.4 million in losses, targeted Mozaic’s Arbitrum chain, a layer 2 scaling solution for Ethereum (ETH) designed to improve scalability and efficiency.
By comprehensive report According to CertiK, the breach was caused by a targeted compromise of private keys, a critical security element of blockchain systems.
By exploiting this vulnerability, attackers were able to illegally conduct transactions via the “bridgeViaLifi” contract, which is typically restricted to developer wallets.
Analysis of blockchain data revealed that an account with the suffix “50eb” initiated malicious activity, resulting in 27 token transfers, each involving significant amounts of stablecoins.
Importantly, a significant portion of these funds were traced back to their original accounts, resulting in cumulative losses exceeding $2 million. This event serves as a clear reminder of the resourcefulness and tenacity of attackers focused on the defi sector.
Following the attack, Mozaic Finance released the following statement: nameIt acknowledged the breach and detailed immediate action.
They revealed that all the stolen funds had been transferred to MEXC, a centralized cryptocurrency exchange, offering a glimmer of hope for asset recovery.
With confidence in the legal procedures and mechanisms of centralized exchanges to handle such cases, they hinted at potential ways to recover stolen funds.
Mozaic Finance’s proactive stance and collaboration with security experts and law enforcement agencies has set a precedent for DeFi platforms in addressing security breaches.
This highlights the need for immediate action and transparency to mitigate the impact of attacks on users and stakeholders.
Cryptocurrency heist, private key vulnerability
Recent cybersecurity incidents in the justice space highlight the critical importance of protecting private keys to prevent unauthorized access and loss of funds.
Cybercriminals continue to target DeFi platforms by compromising security protocols and exploiting vulnerabilities to launch sophisticated attacks.
Private key compromise has also emerged as a serious threat, with attackers utilizing a variety of tactics to gain access to users’ passwords and subsequently exfiltrate funds from platforms such as PlayDapp and Unizen.
The recent PlayDapp breach was worth over $290 million, making it one of the largest hacks in cryptocurrency history. The attack involved unauthorized additions to the issuing addresses of PLA tokens, resulting in significant losses.
Despite attempts to negotiate with the hackers and suspend smart contracts, the attackers continued to exploit vulnerabilities, mint additional tokens and launder funds through exchanges such as Paribu and HTX.
PlayDapp’s response included a proposed migration plan to introduce a new ‘PDA’ token with improved security features such as multi-signature implementation.
On March 11, another DeFi protocol, Unizen, was also hacked, resulting in a loss of approximately $2 million. The breach exposed a serious “foreign currency vulnerability” in one of Unizen’s smart contracts, allowing unauthorized access for theft of funds.
To address the fallout, Unizen CEO Sean Noga pledged personal funds to compensate 99% of the losses of affected users, demonstrating his commitment to compensation and strengthening platform security.