Yield farming protocol Mozaic Finance experienced a breach on March 15 on the Arbitrum network, as revealed by a statement from the protocol’s development team. The team asserts that the attacker has transferred all the stolen funds to the centralized crypto exchange MEXC and remains “confident” that the funds will be retrieved.
Mozaic Finance functions as a decentralized finance and yield-optimization protocol across various blockchain networks, boasting the use of artificial intelligence (AI) programs to enhance investor returns.
Blockchain security firm CertiK issued an alert on X, confirming the exploit. According to CertiK’s report, the attacker exploited the system by invoking the “bridgeViaLifi” contract, a function accessible solely by a developer wallet. CertiK concluded that the underlying cause of the incident likely stemmed from a compromise of private keys.
#CertiKSkynetAlert 🚨@Mozaic_Fi has experienced an exploit with at least ~$2m lost.
Vaults belonging to the Mozaic project have been drained
Stolen funds have been transferred to Mexc pic.twitter.com/YDMUr9Fc93
— CertiK Alert (@CertiKAlert) March 15, 2024
Blockchain records indicate that an account ending in 50eb triggered this function at 6:08 am UTC, resulting in 27 token transfers, each moving hundreds of thousands of dollars in stablecoin from one account to another. Some of these tokens ended up in the account that initiated the call. CertiK estimated the total losses to exceed $2 million.
In a post on Discord dated March 15, the Mozaic team expressed optimism about recovering the funds through legal means, given that the proceeds from the alleged crime have been deposited into a centralized exchange.
The blockchain community continues to grapple with hacks and exploits. On March 9, decentralized finance protocol Unizen suffered a loss of over $2 million due to an external call vulnerability. The Unizen development team pledged immediate compensation for affected users. Similarly, on February 29, lending app Seneca Finance fell victim to an exploit, resulting in losses exceeding $6 million.