Mozaic Finance, a decentralized finance (defi) platform, experienced a security breach resulting in a loss of $2.4 million. This incident, linked to a compromise in their private key infrastructure, highlights growing concerns about security in the global defi ecosystem.
The breach targeted the Arbitrum chain on Mozaic, a layer 2 scaling solution for Ethereum (ETH), aimed at improving scalability and efficiency. According to a detailed report from CertiK, the breach stemmed from a targeted compromise of a private key, a critical security component in blockchain systems.
The attacker exploited this vulnerability to conduct unauthorized transactions through the “bridgeViaLifi” contract, typically accessible only to developer wallets. Blockchain analysis revealed that an account with the suffix “50eb” initiated the malicious activity, resulting in 27 token transfers involving substantial sums of stablecoins.
A significant portion of the stolen funds was traced back to the original account, resulting in a total loss exceeding $2 million. This incident underscores the determination and adaptability of attackers focusing on the defi sector.
In response to the attack, Mozaic Finance issued a statement acknowledging the breach and outlining immediate actions. They disclosed that the stolen funds had been transferred to MEXC, a centralized cryptocurrency exchange, offering a potential avenue for asset recovery through legal channels.
Mozaic Finance’s proactive approach, coupled with collaboration with security experts and law enforcement, sets a precedent for defi platforms in addressing security breaches. This emphasizes the importance of swift action and transparency in mitigating the impact of such attacks on users and stakeholders.
Additionally, recent cybersecurity incidents in the defi space highlight the critical need to safeguard private keys to prevent unauthorized access and fund theft. Cybercriminals continue to target defi platforms, exploiting vulnerabilities to execute sophisticated attacks. Private key compromises pose a significant threat, prompting platforms like PlayDapp and Unizen to enhance security measures and compensate affected users for losses incurred due to breaches.