CertiK Discovers Signature Verification Bypass on Arbitrum, Leading to $140K Loss
By Ainvest
Monday, March 10, 2025, 2:38 am ET (1 min read)
Blockchain security firm CertiK has identified a security breach on Arbitrum where an attacker exploited a signature verification bypass to drain about $140,000. The attacker deceived users into authorizing a fraudulent contract that made external calls without requiring valid signatures. CertiK alerted users to revoke approvals immediately to prevent further losses. The breach highlights concerns about security in decentralized finance and may prompt users to transfer funds elsewhere to avoid risks.
The decentralized finance (DeFi) ecosystem has been rocked by yet another security breach. According to blockchain security firm CertiK, an attacker exploited a signature verification bypass on Arbitrum, a popular layer-2 scaling solution, to drain approximately $140,000 from unsuspecting users [1]. The attacker took advantage of a fraudulent contract that made external calls without requiring valid signatures. CertiK alerted users to revoke approvals immediately to prevent further losses, emphasizing the importance of vigilance in the face of potential security threats [1].
This incident serves as a stark reminder of the risks associated with DeFi and the need for robust security measures. In recent years, DeFi has gained significant traction due to its potential to provide greater financial access and transparency. However, as the ecosystem grows, so too do the risks [2].
The attack on Arbitrum follows a similar pattern to the infamous Bybit incident in February 2025, where an attacker obtained three valid signatures to authorize a transaction that replaced the Safe's multi-sig wallet implementation contract with a malicious one, resulting in the loss of approximately $1.46 billion [3].
The Bybit incident marked the largest breach in Web3 history and highlighted the importance of secure coding practices and user education. The attacker in this case exploited a vulnerability in the Safe protocol, which is widely used in the DeFi ecosystem [3].
As the DeFi ecosystem continues to evolve, it is crucial that developers prioritize security and that users remain vigilant. CertiK's discovery of the Arbitrum security breach underscores the importance of ongoing security audits and the need for users to exercise caution when interacting with decentralized platforms [1].
References:
[1] CertiK. (2025, March 17). Arbitrum Security Breach: $140,000 Drained. Retrieved from https://www.certik.com/resources/blog/3wI26AFKF1UtSDjJEXNEDM-arbitrum-security-breach
[2] DeFi Pulse. (n.d.). Total Value Locked. Retrieved from https://defipulse.com/
[3] Decrypt. (2025, February 22). Bybit Hack: $1.46 Billion Stolen in Largest Crypto Heist Ever. Retrieved from https://decrypt.co/73278/bybit-hack-1-46-billion-stolen-largest-crypto-heist-ever

Editorial disclosure and AI transparency: Ainvest News uses advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous human-in-the-loop verification process.
While AI assists with data processing and initial drafting, a professional Ainvest editorial team member independently reviews, verifies and approves all content to ensure its accuracy and compliance with the editorial standards of Ainvest Fintech Inc. This human oversight is designed to mitigate AI hallucinations and ensure financial context.
Investment disclaimer: This content is provided for informational purposes only and does not constitute professional investment, legal or financial advice. Markets carry inherent risks. Users are advised to conduct independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information.


