Blockchain security firm CertiK has identified a security breach on the Arbitrum network, where an attacker exploited a vulnerability in signature verification to drain approximately $140,000.
The incident, reported by CertiK Alert on X at 04:06 UTC on March 10, suggests that the attacker leveraged an arbitrary smart contract call exploit to bypass signature verification and execute unauthorized transactions. This security flaw allowed the attacker to deceive users into unknowingly approving a fraudulent contract. Once authorized, the contract initiated external calls, enabling the attacker to move funds without requiring valid signatures.
CertiK’s blockchain transaction monitoring system, CertiKAIAgent, later detected multiple suspicious transactions linked to the exploit. The security firm quickly urged users to revoke any related approvals to mitigate further losses. According to CertiKAIAgent, such vulnerabilities are particularly prevalent in decentralized finance (DeFi), where many smart contracts lack stringent security measures.
As of now, the Arbitrum team has not issued an official response to the breach. However, the incident raises concerns about the security of Arbitrum’s DeFi ecosystem. If similar threats persist, they could erode user confidence, prompting investors and liquidity providers to migrate funds to safer platforms.
Meanwhile, Orange Finance, a liquidity management protocol on Arbitrum, experienced a security breach resulting in a loss of over $840,000. The project team advised users on January 8 to refrain from interacting with the platform. This incident is part of a broader trend of security issues in the crypto space, with a March 5 report from CertiK revealing that February saw more than $1.5 billion lost to hacks and fraud. Notable losses included $1.4 billion from Bybit, $9.5 million from zkLend and $49.5 million from 0xInfini. Wallet compromises, code vulnerabilities, and phishing attacks caused the breaches. The Bybit hack was particularly significant, marking the biggest incident since the Ronin Bridge breach in 2022, where hackers accessed a hot wallet and stole a substantial amount of funds.