Key Takeaways
- The attack was carried out through a calculated compromise of a private key
- The attacker exploited a vulnerability in the “bridgeViaLifi” contract, a function typically restricted to developer wallets
Yield farming protocol Mozaic Finance experienced a significant setback on March 15 when it fell victim to a sophisticated cyberattack on the Arbitrum network, a layer 2 scaling solution for Ethereum.
The attack resulted in a substantial loss of $2.4 million for the decentralized finance platform. Mozaic Finance, known for its yield optimization protocol, operates across multiple blockchain networks, offering users opportunities to earn rewards through various liquidity pools and farming strategies.
The attack was carried out through a calculated compromise of a private key, a critical security component in blockchain technology. The attacker exploited a vulnerability in the “bridgeViaLifi” contract, a function typically restricted to developer wallets. By gaining unauthorized access to this function, the attacker executed a series of transactions, leading to the misappropriation of funds from Mozaic Finance.
In response to the incident, the Mozaic team promptly issued a statement acknowledging the cyberattack and expressing confidence in the potential recovery of the stolen funds. According to the team, the attacker deposited the illicitly obtained funds into a centralized cryptocurrency exchange, MEXC. Despite the setback, Mozaic Finance remains optimistic about the possibility of reclaiming the stolen assets through legal channels.
The breach attracted the attention of blockchain security firm CertiK, which conducted a detailed analysis of the attack. CertiK’s investigation revealed that the malicious activity originated from an account identified by its suffix “50eb.”
This account triggered a series of 27 token transfers, involving significant amounts of stablecoin, which were moved between various accounts. Subsequent analysis indicated that a substantial portion of the stolen funds ultimately flowed back to the initiating account, resulting in a cumulative loss exceeding $2 million for Mozaic Finance.
DeFi platforms have been the subject of several hacks in recent months. Earlier this month, a Unizen exploit led to over $200 Million being drained.
