Blockchain security company CertiK has identified a security breach on Arbitrum, in which an attacker exploited a signature verification bypass to drain around $140,000.
On March 10, at 04:06 UTC, CertiK Alert reported on X that an attacker likely used an arbitrary call vulnerability in a smart contract to bypass signature verification and carry out unauthorized transactions. Signature verification is an important security feature that ensures that only permitted smart contract actions can be performed.
In this case, the attacker tricked the user into unknowingly approving a fraudulent contract. After approval, the contract made an external call, giving the attacker the ability to move the funds without the need for a valid signature.
CertiK's blockchain transaction analysis agent, CertiKAIAgent, later flagged multiple suspicious transactions related to the attack and warned users to revoke their approvals immediately to prevent further losses.
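To make the revocation advice concrete, the following added example (not CertiK's tooling and not code from the original report) scans ERC-20 `Approval` logs, in the JSON shape returned by `eth_getLogs`, and lists approvals to a flagged spender that are still non-zero. All addresses and log entries are constructed placeholders.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, flagged_spender):
    """Return {(token, owner): amount} for approvals to flagged_spender still > 0.

    Only the latest Approval per (token, owner) counts, so approve(spender, 0)
    clears an entry. The amount is an upper bound: many tokens emit no event
    when transferFrom spends an allowance, so confirm with allowance() on-chain.
    """
    flagged = flagged_spender.lower()
    latest = {}
    by_position = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=by_position):
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but carries 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != flagged:
            continue
        data = log["data"]
        amount = int(data, 16) if data not in ("", "0x") else 0
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = amount
    return {key: amount for key, amount in latest.items() if amount > 0}

# --- Constructed sample data (placeholder addresses, not from the incident) ---
FLAGGED, OTHER = "0x" + "f1" * 20, "0x" + "0e" * 20
ALICE, BOB = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20

def make_log(token, owner, spender, value, block, index):
    pad = lambda a: "0x" + "00" * 12 + a[2:]  # real log data is also 32-byte padded
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value), "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_1, BOB, FLAGGED, 0, 18, 0),             # Bob revokes (out of order)
    make_log(TOKEN_1, ALICE, FLAGGED, MAX_UINT256, 16, 3),  # unlimited, never revoked
    make_log(TOKEN_1, BOB, FLAGGED, 500, 17, 1),
    make_log(TOKEN_2, ALICE, OTHER, 1000, 17, 2),           # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), amount in open_approvals(SAMPLE_LOGS, FLAGGED).items():
        print(f"revoke: owner={owner} token={token} allowance<={amount}")
```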
According to CertiKAIAgent, this type of vulnerability is particularly common in decentralized finance, where many contracts do not have robust security checks. Currently, the Arbitrum (ARB) team is not exploited.
However, it could shake confidence in Arbitrum's DeFi ecosystem and make users and liquidity providers more cautious. If security concerns continue, investors and traders may be encouraged to transfer funds elsewhere to avoid further risk.
This incident is one of many recent crypto security breaches. In February alone, as reported by crypto.news on March 5th, losses from hacks and fraud exceeded $1.5 billion. The three biggest losses were $1.4 billion from Bybit, $9.5 million from zkLend and $49.5 million from 0xInfini.
The majority of these losses were caused by wallet compromises, code defects, and phishing attacks. In particular, the Bybit hack was the biggest since the 2022 Ronin Bridge breach. In this hack, hot wallets were compromised, giving hackers access to a considerable amount of exchange funds.