Mozaic Finance hacked for $2.4 million via private key compromise

According to a report from CertiK, the yield farming service may have been the victim of a potential private key compromise attack.
Yield farming - This is the practice of lending crypto assets in order to receive high interest or income in cryptocurrency. This innovative but risky and volatile form of decentralized finance (DeFi) has grown significantly in popularity recently, driven in part by innovations such as liquidity mining.

Mozaic Finance message confirming the hack. Source: Mozaic Finance, Discord.

Mozaic Finance is a decentralized finance and profitability optimization protocol running on several different blockchain networks. The organization claims to use artificial intelligence (AI) programs to maximize returns for investors.
Blockchain security company CertiK has issued an exploit alert on Platform X. In its report, CertiK claims that the attacker stole funds by calling the "bridgeViaLifi" contract, accessible only through the developer's wallet. Therefore, according to CertiK, “the primary cause of this incident appears to be compromise of the private key.”
Blockchain analytics indicate that the cryptocurrency address “...50eb” called the specified function at 6:08 a.m. UTC. This resulted in 27 different token transactions, each of which moved hundreds of thousands of dollars in stablecoins from one account to another. Some of these tokens ended up in the account that initiated the function call. CertiK claims total losses amounted to more than $2 million.

Source: Arbiscan

Recently, cases of hacks and exploits caused by vulnerabilities in blockchain protocols have become more frequent.
On March 9, decentralized finance protocol Unizen lost more than $2 million due to an external challenge vulnerability. In response to this, the developers promised to compensate the victims.
A similar incident occurred on February 29th with the lending app Seneca Finance, which was hacked for more than $6 million.
In a Discord post on March 15, the Mozaic team expressed hope for a refund through legal proceedings, since the proceeds of the alleged crime were moved to a centralized exchange.
AML Crypto opinion
The conclusion from the situation with the hacking of the DeFi service is simple, annoying, but at the same time extremely important. We at AML Crypto and this situation once again reminds you of the importance of properly storing all the data of your crypto address, as well as correctly assessing the risks of earning tools.

And checking your wallet for risk is possible in our solution Btrace - aml address verification is free for every new user.
Check blockchain address using Btrace
In seconds, determine the risk level of the counterparty’s address, find out the source of his funds and make an informed decision about interacting with him.




We also recommend