CertiK posted an alert on X at 04:06 UTC on March 10, highlighting the “arbitrary call vulnerability” within the Arbitrum network.

Using this flaw in the system, attackers deceived users into approving fraudulent transactions, which led to draining approximately $140k. This news again stirred questions on crypto security, and many crypto platforms enhanced their security measures.

CertiK, the leading blockchain security and data analytics company, has detected an arbitrary call vulnerability to circumvent signature validation on Arbitrum.

The vulnerability allows attackers to deceive users into approving a malicious contract, which can then make external calls and siphon user funds without requiring any valid signatures. So far, the vulnerability has resulted in the theft of approximately $140k.

Arbitrum Vulnerability: A Pressing Concern for DeFi Security

The vulnerability, which has now been patched, could be exploited by attackers to forge signatures and steal funds from unsuspecting victims. This exploit is typical of several smart contracts in the DeFi ecosystem, which are known to have weak security measures and can be easily manipulated by attackers.

CertiK’s blockchain transaction monitoring system, CertiKAIAgent, detected multiple suspicious transactions linked to this exploit. After identifying the security breach, CertiK quickly urged users to revoke any associated approvals to prevent further losses.

However, despite these efforts, the vulnerability has already resulted in significant losses for several users. The company is urging all users of the Arbitrum network to remain vigilant and take the necessary precautions to protect their assets.

CertiK's Role in Mitigating Arbitrum Vulnerability

Having identified the vulnerability and the ensuing activity, CertiK researchers have reached out to the Arbitrum team to coordinate further response and mitigation efforts.

"We have notified the Arbitrum team and are urging users to revoke any approval for the malicious contract to prevent further losses," said CertiK. "This vulnerability is common in the DeFi ecosystem, where several smart contracts have weak security measures and can be easily manipulated by attackers."

So far, the Arbitrum team has not made an official announcement regarding the breach. However, the breach brings into question the security infrastructure of the Arbitrum DeFi platform.

If such vulnerabilities persist, they could diminish user confidence, prompting investors and liquidity providers to shift their funds to more secure platforms.