Defi protocol Mozaic Finance suffers $2.4m heist  

8 months ago 46
ARTICLE AD

Mozaic Finance, a decentralized finance (defi) platform, suffered a security breach leading to a loss of $2.4 million.

The heist, which was traced back to a compromise in their private key infrastructure, underscores the escalating worries regarding security within the global defi ecosystem.

The breach, which caused a $2.4 million loss, targeted the Arbitrum chain on Mozaic, a layer 2 scaling solution for Ethereum (ETH) designed to enhance scalability and efficiency.

MOZAIC SECURITY INCIDENT

What Happened

• About 12 hours ago, ~$2M in funds from the Mozaic vaults were drained by a malicious actor

• This individual was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team…

— Mozaic 🔳 (@Mozaic_Fi) March 15, 2024

Per a comprehensive report from CertiK, the breach stemmed from a targeted compromise of a private key, a crucial security element in blockchain systems.

Exploiting this vulnerability, the attacker illicitly conducted transactions via the “bridgeViaLifi” contract, typically restricted to developer wallets.

Upon analyzing blockchain data, it was found that an account with the suffix “50eb” initiated the malicious activity, resulting in 27 token transfers, each involving significant sums of stablecoins.

Significantly, a notable fraction of these funds were tracked back to the original account, resulting in a cumulative loss surpassing $2 million. This event serves as a clear reminder of the resourcefulness and tenacity of attackers focused on the defi sector.

Following the attack, Mozaic Finance released a statement, acknowledging the breach and detailed their immediate actions.

They revealed that all pilfered funds had been transferred to MEXC, a centralized cryptocurrency exchange, offering a glimmer of hope for asset recovery.

With confidence in the legal process and centralized exchanges’ mechanisms for handling such incidents, they hinted at a potential avenue for reclaiming the stolen funds.

Mozaic Finance’s proactive stance, alongside its collaboration with security experts and law enforcement, sets a precedent for defi platforms in addressing security breaches.

This underscores the necessity of prompt action and transparency in mitigating the repercussions of such attacks on users and stakeholders.

MOZAIC SECURITY INCIDENT

What Happened

• About 12 hours ago, ~$2M in funds from the Mozaic vaults were drained by a malicious actor

• This individual was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team…

— Mozaic 🔳 (@Mozaic_Fi) March 15, 2024

Crypto heists, private key vulnerability

Recent cybersecurity incidents in the defi space underscore the critical importance of safeguarding private keys to prevent unauthorized access and fund siphoning.

Cybercriminals continue to target defi platforms, exploiting vulnerabilities to compromise security protocols and execute sophisticated attacks.

Private key compromises have also emerged as a significant threat, with attackers leveraging various tactics to gain access to users’ passcodes and subsequently drain funds from platforms like PlayDapp and Unizen.

A recent PlayDapp breach amounted to over $290 million and marked one of the largest hacks in crypto history. The attack involved an unauthorized addition to the PLA token’s minting address, leading to substantial losses. 

Despite attempts to negotiate with the hacker and pause the smart contract, the attacker continued to exploit vulnerabilities, minting additional tokens and laundering funds through exchanges like Paribu and HTX.

PlayDapp’s response included proposing a migration plan to introduce a new ‘PDA’ token with improved security features like multi-signature implementation.

On March 11, Unizen — another defi protocol — also suffered a hack resulting in approximately $2 million in losses. The breach exposed a critical “external call vulnerability” in one of Unizen’s smart contracts, allowing unauthorized access for fund theft.

To address the aftermath, Unizen CEO Sean Noga pledged personal funds to cover 99% of the losses for affected users, demonstrating a commitment to restitution and platform security enhancements.

Follow Us on Google News

Read Entire Article