Mozaic Finance, a decentralized finance (DeFi) platform, recently fell victim to a hack on the Arbitrum network, resulting in the loss of $2.4 million.
The breach occurred due to a vulnerability in a private key, allowing the attacker to exploit a specific contract function called “bridgeViaLifi,” accessible only by a developer wallet. It’s suspected that the compromise of a private key led to this incident.
In an official announcement, Mozaic Finance revealed that the funds were held on the MEXC_Official exchange, expressing confidence that the necessary procedures would facilitate the return of the funds.
MOZAIC SECURITY INCIDENT
What Happened
• About 12 hours ago, ~$2M in funds from the Mozaic vaults were drained by a malicious actor
• This individual was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team…— Mozaic 🔳 (@Mozaic_Fi) March 15, 2024
Mosaic Developer Obtained Private Keys From Core Team Member’s Compromised Data
The perpetrator of the hack was identified as a Mozaic developer who illicitly obtained private keys from a core team member’s compromised data.
This security module, designed as a fail-safe vault mechanism, was in the process of being phased out before the incident occurred.
The developer capitalized on this limited window of opportunity despite recent security upgrades.
The Mozaic Vaults have been compromised.
Funds are currently held on @MEXC_Official and we are confident that once we have undertaken the necessary procedures, that these funds will be returned by the exchange.
Please bear with us as we will update you with the necessary…
— Mozaic 🔳 (@Mozaic_Fi) March 15, 2024
Simultaneously, an institutional investor with a significant MOZ position opted to exit due to the declining MOZ price and drained total value locked (TVL). The investor’s large sell-off triggered cascading sells, resulting in a substantial drop in the price of $MOZ, which has since lost over 12% of its value.
Mozaic Finance is actively working to recover the stolen funds from MEXC, and legal action is being pursued against the malicious actor.
Additionally, investigations into suspected accomplices are underway in collaboration with security partners and law enforcement. As part of the security measures, all Mozaic employees have had their access to internal systems revoked pending the completion of the internal investigation.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
Image Source: Max Bender/Unsplash // Image Effects by Colorcinch