by Rubab Fatima
Blockchain security company CertiK has tracked an exploit on the Arbitrum network in which an attacker took $140,000 from various smart contracts by way of a signature verification flaw.
CertiK's team received the first report of the hack on March 10, after its systems found unauthorized transactions linked to the attacker. On deeper investigation, the company found that the attacker had used a smart contract vulnerability to bypass security protections.
We have detected multiple suspicious transactions on Arbitrum by 0x97d8170e04771826a31c4c9b81e9f9191a1c8613, who likely exploited an arbitrary call vulnerability to circumvent signature validation and drain ~$140K from various unverified swap adapter contracts… pic.twitter.com/mzfxoFBArF
— CertiK Alert (@CertiKAlert) March 10, 2025
CertiK’s Detection and User Warnings
Authorization in smart contracts depends on signature verification working correctly. The attacker tricked victims into approving a malicious contract, which let the attacker perform unauthorized transfers.
The attacker deployed a malicious contract for the victims to approve. Once they approved it, the contract triggered external calls that let the attacker steal funds without additional user signatures. CertiK detected the breach, and its AI system CertiKAIAgent then notified users about the attack.
According to CertiKAIAgent's findings, the attack pattern it detected is typical of how DeFi vulnerabilities are exploited. The attacker developed malicious code that exploited weak points in swap adapter contracts.
🚨 POTENTIAL EXPLOIT DETECTED! 🚨#CertiKAIAgent
A suspicious transaction https://t.co/bvwvBNHrJy on Arbitrum may indicate an Arbitrary External Call Exploit!🔎 Key Findings:
⚠️ Victim unknowingly approved attacker’s contract
💰 External CALL detected – possible external…— CertikAIAgent (@CertikAIAgent) March 10, 2025
Users fell victim because they approved transactions they did not recognize, which allowed the attacker to move money out of their wallets. The attacker used external function calls to take assets from user wallets without going through the expected signature verification.
At the end of the exploit, the attacker used the common DeFi transferFrom() method to take the stolen assets. CertiKAIAgent tells users to revoke their contract approvals right away to protect their funds. Users are questioning whether Arbitrum can keep their assets safe after this breach. Trader withdrawals are growing, which leads to instability of the network.
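Revoking approvals starts with knowing which ones are still live. The following is an added example, not code from CertiK or the original article: it replays ERC-20 Approval event logs to list the spenders that can still call transferFrom() on a wallet's tokens. All addresses and log entries are constructed placeholders, and the trusted-spender allowlist is an assumption.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event id
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()  # indexed address: last 20 of 32 bytes

def outstanding_approvals(logs, owner):
    """Return {(token, spender): last approved amount} where it is non-zero.
    Logs are replayed in chain order, so a later Approval (including a
    revocation to 0) overrides an earlier one. Spending can lower the real
    allowance; the token's on-chain allowance() is authoritative."""
    owner, state = owner.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this event id but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def revoke_list(logs, owner, trusted_spenders):
    """Spenders outside the allowlist that can still call transferFrom()."""
    trusted = {s.lower() for s in trusted_spenders}
    live = outstanding_approvals(logs, owner)
    return [(t, s, "unlimited" if amt == UNLIMITED else amt)
            for (t, s), amt in sorted(live.items()) if s not in trusted]

def make_log(block, idx, token, owner, spender, amount):
    """Constructed Approval log (eth_getLogs fields, numbers already decoded)."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

# Constructed placeholder addresses, not taken from the incident.
OWNER, OTHER, TOKEN = ("0x" + c * 20 for c in ("aa", "ee", "11"))
ROUTER, ADAPTER, OLD = ("0x" + c * 20 for c in ("bb", "cc", "dd"))
SAMPLE_LOGS = [
    make_log(100, 0, TOKEN, OWNER, ROUTER, 1000),        # known router
    make_log(101, 2, TOKEN, OWNER, ADAPTER, UNLIMITED),  # unknown adapter
    make_log(102, 0, TOKEN, OWNER, OLD, 500),            # later revoked
    make_log(105, 1, TOKEN, OWNER, OLD, 0),              # revocation
    make_log(103, 0, TOKEN, OTHER, ADAPTER, 7),          # different wallet
]
```

Calling `revoke_list(SAMPLE_LOGS, OWNER, [ROUTER])` returns only the unlimited approval to the unrecognized adapter, which is the entry to revoke first.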
Bybit Hack Sets Record as Largest Blockchain Theft
The Arbitrum team has not yet announced its position on the matter. The security issue has clearly damaged users' trust in the network. The Arbitrum incident joins multiple major security breaches affecting the entire cryptocurrency market.
Security experts from Immunefi reported in February 2025 that over $1.5 billion worth of cryptocurrency was lost to theft and system failures caused by black-hat hackers. The largest known blockchain theft happened when Bybit was attacked and lost $1.46 billion.
Other attacks hit Infini Stablecoin Bank, which lost $49.5 million; zkLend, which was hit for $9.5 million; Ionic Money, which lost $8.6 million; and Cardex, which suffered a $400,000 theft after a hacker breached its system. In 2025 the cryptocurrency sector has experienced more than $1.6 billion worth of theft, exceeding the losses reported in 2024.
Attacks on DeFi networks occurred more often, yet CeFi platforms accounted for the largest amount of stolen funds. The Bybit hack alone caused 95.5% of the funds lost in February, which raised questions about the security standards of traditional trading platforms.
BNB Chain and Ethereum suffered four attacks each during February, the most among all blockchain networks. Unease is spreading across the crypto world because Arbitrum has not yet addressed its security breach.
The platform's success in DeFi depends on fixing its security weaknesses; otherwise investors will lose trust and money, which limits the platform's market opportunity.