Decentralized finance (DeFi) protocol Mozaic Finance suffered a security breach on March 15th, 2024, resulting in a loss of approximately $2.4 million. The suspected cause of the hack is a compromised private key.

Mozaic Finance, known for its yield optimization strategies across various blockchains, utilizes artificial intelligence to maximize investor returns. According to a statement released by the development team, the attacker exploited a developer wallet by calling a specific contract function typically inaccessible without such access.

Blockchain security firm CertiK posted an alert on X that confirmed the exploit, pinpointing the “bridgeViaLifi” contract function as the entry point. This function’s exclusivity to developer wallets strengthens the theory of a compromised private key. The subsequent analysis of blockchain data revealed multiple token transfers involving stablecoins worth hundreds of thousands of dollars each, ultimately funneling the stolen funds to an account on the centralized cryptocurrency exchange MEXC.

Blockchain data shows that an account ending in 50eb called this function at 6:08 a.m. UTC, resulting in 27 token transfers that each moved hundreds of thousands of dollars in stablecoin from one account to another, with part of these tokens ending up in the account that made the call. CertiK said total damages exceeded $2 million.

The “bridgeViaLifi” call resulted in the transfer of Mozaic Finance tokens. Source: Arbiscan

Mozaic Finance’s development team expressed confidence in recovering the stolen funds through legal channels due to the involvement of a centralized exchange. This incident highlights the ongoing security challenges within the DeFi space. It follows similar exploits earlier this month, with Unizen losing over $2 million and Seneca Finance suffering losses exceeding $6 million. The Mozaic Finance hack serves as a stark reminder of the importance of robust security measures for DeFi protocols and the need for heightened vigilance from investors.

Shares: