A CertiK assessment states that the yield farming app was compromised through a potential private key breach. The Mozaic Finance yield farming protocol was exploited on the Abitrum network on March 15, as the protocol’s development team reported in a statement. According to the team, the hacker has placed all of the stolen money on the centralised cryptocurrency market MEXC and is “confident” that it will be reimbursed.
Operating on many blockchain networks, Mozaic Finance is a decentralised finance and yield-optimization system. It makes the assertion that it uses artificial intelligence (AI) tools to optimise investor returns.
The attack had happened, according to a notice published on X by blockchain security company CertiK. The attacker allegedly used the “bridgeViaLifi” contract, which can only be called by a developer wallet, to drain cash, according to an accompanying report by CertiK. Therefore, “a private key compromise appears to be the root cause of this incident,” according to CertiK’s conclusion.
Blockchain information indicates that at 6:08 am UTC, an account ending in 50eb called this function. This led to the movement of hundreds of thousands of dollars’ worth of stablecoin across 27 distinct token transfers, some of which ended up in the account that initiated the call. CertiK asserted that almost $2 million had been lost in total.
Blockchain users are still plagued by exploits and hacks. A vulnerability in the external call of the decentralised finance protocol Unizen resulted in a loss of over $2 million on March 9. In such instance, the development team promised to pay victims right away. In a similar occurrence, the lending app Seneca Finance was taken advantage of for almost $6 million on February 29.
The Mozaic team stated in a March 15 Discord post that they were hopeful the money will be retrieved via a court proceeding because the earnings of the purported offence have been placed into a centralised exchange.