Mozaic Finance hacked for $2.4M via private key compromise
The yield farming app was exploited through a possible private key compromise, according to a CertiK report.
Yield farming protocol Mozaic Finance was exploited on March 15 on the Arbitrum network, according to a statement from the protocol’s development team. The team claims that the attacker has deposited all the stolen funds to centralized crypto exchange MEXC and is “confident” the funds will be returned.
Mozaic Finance is a decentralized finance and yield-optimization protocol that runs on several different blockchain networks. It claims to employ artificial intelligence (AI) programs to maximize returns to investors.
Blockchain security firm CertiK posted an alert on X, stating that the exploit had occurred. In an accompanying report received by Cointelegraph, CertiK claimed that the attacker drained funds by calling the “bridgeViaLifi” contract, which is only callable by a developer wallet. Thus “the root cause of this incident appears to be a private key compromise,” CertiK concluded.
Blockchain data shows that an account ending in 50eb called this function at 6:08 am UTC, resulting in 27 different token transfers that each moved hundreds of thousands of dollars in stablecoin from one account to another, with some of these tokens ending up in the account that made the call. CertiK claimed that total losses added up to more than $2 million.
Hacks and exploits continue to plague blockchain users. On March 9, decentralized finance protocol Unizen lost over $2 million due to an external call vulnerability. In that case, the development team pledged to immediately compensate victims. On Feb. 29, lending app Seneca Finance was exploited for over $6 million in a similar incident.
In its March 15 Discord post, the Mozaic team expressed hope that the funds would be recovered through a legal process, as the proceeds of the alleged crime have been deposited into a centralized exchange.