CertiK reports $140K Arbitrum exploit through signature bypass



The blockchain security firm CertiK has identified a security breach on Arbitrum, where an attacker exploited a signature verification bypass to withdraw $140,000.

On March 10 at 04:06 UTC, CertiK Alert reported on X that an attacker used an arbitrary smart contract call vulnerability to bypass signature verification and execute unauthorized transactions. Signature verification is an important safety mechanism that ensures only authorized smart contract actions are carried out.

In this case, the attacker tricked users into unknowingly authorizing a fraudulent contract. Once approved, the contract made external calls that allowed the attacker to move funds without needing a valid signature.
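The mechanism described above is the classic "arbitrary external call" pattern: a contract that forwards any calldata to any address becomes a proxy for whoever holds token approvals to it. The following Solidity illustration is added here and is not code from the affected contract, from Arbitrum, or from CertiK; the contract names, the `execute` function and the owner-managed allowlist are assumptions made for the example. It shows the vulnerable shape beside one hardened form, in which the router only ever pulls funds from `msg.sender` and only forwards calls to allowlisted, non-token targets, so no calldata can drive a `transferFrom` on another user's behalf.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the arbitrary-call pattern and one mitigation.
// Not the code of the exploited contract; names and structure are assumptions.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// VULNERABLE: anyone can make this contract call any target with any data.
// A user who has approved this contract to spend their tokens can be drained:
// the attacker supplies calldata for token.transferFrom(user, attacker, amount),
// and because the router is msg.sender of that call, it holds the user's allowance.
// No signature from the user is ever checked.
contract VulnerableRouter {
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

// HARDENED: the source of funds is always the transaction sender, and the
// forwarded call may only reach targets the owner has explicitly allowlisted.
// Assumption: the owner never allowlists a token contract, so a forwarded call
// can never be a transferFrom executed with the router's borrowed allowance.
contract HardenedRouter {
    address public immutable owner;
    mapping(address => bool) public allowedTarget;

    event TargetAllowed(address indexed target, bool allowed);

    constructor() {
        owner = msg.sender;
    }

    function setAllowedTarget(address target, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedTarget[target] = allowed;
        emit TargetAllowed(target, allowed);
    }

    // Pull `amount` of `token` from the caller (who signed this transaction),
    // then forward `data` to an allowlisted target. The user's approval is only
    // ever exercised against msg.sender, never against an address taken from calldata.
    function execute(IERC20 token, uint256 amount, address target, bytes calldata data)
        external
        returns (bytes memory)
    {
        require(allowedTarget[target], "target not allowed");
        require(target != address(token), "token is not a call target");
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}
```

The defensive points to check in a review of any router-style contract are the two that differ between the versions: whether the `from` address of a `transferFrom` can be anything other than `msg.sender`, and whether the set of callable targets is bounded. For users, the mitigation the article's alert recommends is to revoke outstanding approvals to the suspect contract, which for an ERC-20 token means calling `approve(spender, 0)` from the wallet that granted them.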

CertiKAIAgent, CertiK's blockchain transaction analysis agent, later flagged several suspicious transactions related to the attack and warned users to revoke their approvals immediately to prevent further losses.

According to CertiKAIAgent, this kind of vulnerability is especially common in decentralized finance, where many contracts lack strong security checks. So far, Arbitrum's (ARB) team has not responded to the exploit.

Still, the incident could shake confidence in the Arbitrum DeFi ecosystem, making users and liquidity providers more cautious. If security concerns persist, investors and traders may be motivated to move funds elsewhere to avoid further risk.

This incident is one of many recent crypto security breaches. In February alone, losses from hacks and fraud exceeded $1.5 billion, as crypto.news reported on March 5. The three largest losses were $1.4 billion from Bybit, $9.5 million from zkLend and $49.5 million from 0xInfini.

Most of these losses were caused by wallet breaches, code defects and phishing attacks. In particular, the Bybit hack was the largest since the Ronin Bridge breach in 2022. In that hack, a hot wallet was compromised, giving the hackers access to a significant amount of the exchange's funds.
