Blockchain Security Breach on Arbitrum
Blockchain security firm CertiK has identified a security breach on Arbitrum, where an attacker exploited a signature verification bypass to drain about $140,000.
On Mar. 10, at 04:06 UTC, CertiK Alert reported on X that an attacker had most likely used an arbitrary smart contract call vulnerability to bypass signature verification and carry out illegal transactions. Signature verification is an important security feature that ensures only permitted smart contract actions can proceed.
> #CertiKInsight 🚨
> We have detected multiple suspicious transactions on Arbitrum by 0x97d8170e04771826a31c4c9b81e9f9191a1c8613, who likely exploited an arbitrary call vulnerability to circumvent signature validation and drain ~$140K from various unverified swap adapter contracts…
In this instance, the attacker deceived users into unwittingly authorizing a fraudulent contract. After approval, the contract made external calls, allowing the attacker to move funds without requiring valid signatures.
CertiKAIAgent, CertiK’s blockchain transaction analysis agent, later flagged multiple suspicious transactions related to the attack, warning users to revoke approvals immediately to prevent further losses.
> 🚨 POTENTIAL EXPLOIT DETECTED! 🚨#CertiKAIAgent
> A suspicious transaction link on Arbitrum may indicate an Arbitrary External Call Exploit!
> 🔎 Key Findings:
> ⚠️ Victim unknowingly approved attacker’s contract
> 💰 External CALL detected – possible external…
According to CertiKAIAgent, this kind of vulnerability is especially common in decentralized finance (DeFi), where many contracts lack robust security checks. As of now, Arbitrum’s (ARB) team has not responded to the exploit.
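Revoking approvals starts with knowing which ones are still live. The sketch below is an added example, not code from CertiK or Arbitrum: it replays ERC-20 `Approval` logs to list nonzero allowances granted to a flagged spender contract. All addresses and logs are constructed samples, and because `transferFrom` can lower an allowance without emitting `Approval`, the token's on-chain `allowance()` value remains authoritative.

```python
# Added example: find live ERC-20 approvals to flagged spender contracts.
# topic0 of Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs):
    """Replay Approval logs in chain order; the last value per
    (token, owner, spender) is the allowance most recently set."""
    state = {}
    for log in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(),
               topic_to_address(topics[1]), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # 0 means revoked

def approvals_to_revoke(logs, flagged_spenders):
    """(token, owner, spender, amount) for live approvals to flagged contracts."""
    flagged = {s.lower() for s in flagged_spenders}
    live = outstanding_allowances(logs)
    return sorted((t, o, s, v) for (t, o, s), v in live.items() if s in flagged)

# --- Constructed sample data (placeholder addresses, not from the incident) ---
TOKEN, ALICE, BOB = "0x" + "aa" * 20, "0x" + "a1" * 20, "0x" + "b0" * 20
ADAPTER, ROUTER = "0x" + "ad" * 20, "0x" + "c0" * 20  # ADAPTER = flagged spender

def mk(block, idx, owner, spender, value):
    """Build a log shaped like an eth_getLogs entry (numeric fields as ints for brevity)."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    mk(102, 0, BOB, ADAPTER, 0),            # Bob revokes (listed out of order)
    mk(100, 0, ALICE, ADAPTER, UNLIMITED),  # Alice grants unlimited allowance
    mk(101, 2, BOB, ADAPTER, 5000),         # Bob grants, later revoked
    mk(103, 1, ALICE, ROUTER, 1000),        # live, but spender not flagged
]

if __name__ == "__main__":
    for token, owner, spender, amount in approvals_to_revoke(SAMPLE_LOGS, [ADAPTER]):
        print(f"revoke: owner={owner} token={token} spender={spender} amount={amount}")
```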
However, this incident could shake confidence in Arbitrum’s DeFi ecosystem, causing users and liquidity providers to be more cautious. If security concerns persist, investors and traders might be prompted to transfer funds elsewhere to avoid further risks.
The incident is one of many recent crypto security breaches. In February alone, hacks and frauds cost over $1.5 billion, as reported by crypto.news on Mar. 5. The three biggest losses included $1.4 billion from Bybit, $9.5 million from zkLend, and $49.5 million from 0xInfini.
Most of these losses were attributed to wallet breaches, code flaws, and phishing attacks. Notably, the Bybit hack was the largest since the Ronin Bridge breach in 2022, where a hot wallet was compromised, granting hackers access to a significant portion of the exchange’s funds.