Certik於3月10日在UTC上發布了X上的警報，突出顯示了仲裁網絡中的“任意呼叫漏洞”。

攻擊者在系統中使用此缺陷，欺騙用戶批准欺詐性交易，這導致大約14萬美元的損失。該消息再次引起了有關加密安全性的問題，許多加密平台增強了他們的安全措施。

CertiK, the leading blockchain security and data analytics company, has detected an arbitrary call vulnerability to circumvent signature validation on Arbitrum.

領先的區塊鏈安全和數據分析公司Certik已檢測到一個任意調用的漏洞，以規避索引簽名驗證。

The vulnerability allows attackers to deceive users into approving a malicious contract, which can then make external calls and siphon user funds without requiring any valid signatures. So far, the vulnerability has resulted in the theft of approximately $140k.

該漏洞使攻擊者可以欺騙用戶批准惡意合同，然後可以進行外部呼叫，並在不需要任何有效的簽名的情況下進行啟動用戶資金。到目前為止，漏洞已導致盜竊約14萬美元。

Arbitrum Vulnerability: A Pressing Concern for DeFi Security

仲裁漏洞：對Defi安全的緊迫關注

The vulnerability, which has now been patched, could be exploited by attackers to forge signatures and steal funds from unsuspecting victims. This exploit is typical of several smart contracts in the DeFi ecosystem, which are known to have weak security measures and can be easily manipulated by attackers.

現在已經修補的脆弱性可以被攻擊者利用，以偽造簽名並從毫無戒心的受害者身上竊取資金。這種利用是Defi生態系統中幾個智能合約的典型特徵，該合同已知安全措施較弱，並且很容易被攻擊者操縱。

CertiK’s blockchain transaction monitoring system, CertiKAIAgent, detected multiple suspicious transactions linked to this exploit. After identifying the security breach, CertiK quickly urged users to revoke any associated approvals to prevent further losses.

Certik的區塊鏈交易監控系統Certikaiagent檢測到與此漏洞相關的多次可疑交易。確定安全漏洞後，Certik迅速敦促用戶撤銷任何相關的批准，以防止進一步的損失。

However, despite these efforts, the vulnerability has already resulted in significant losses for several users. The company is urging all users of the Arbitrum network to remain vigilant and take the necessary precautions to protect their assets.

但是，儘管做出了這些努力，但脆弱性已經導致了幾個用戶的巨大損失。該公司正在敦促索意網絡的所有用戶保持警惕，並採取必要的預防措施來保護其資產。

CertiK's Role in Mitigating Arbitrum Vulnerability

Certik在減輕索念脆弱性中的作用

Having identified the vulnerability and the ensuing activity, CertiK researchers have reached out to the Arbitrum team to coordinate further response and mitigation efforts.

確定了脆弱性和隨之而來的活動後，Certik的研究人員已與仲裁團隊聯繫，以協調進一步的響應和緩解工作。

"We have notified the Arbitrum team and are urging users to revoke any approval for the malicious contract to prevent further losses," said CertiK. "This vulnerability is common in the DeFi ecosystem, where several smart contracts have weak security measures and can be easily manipulated by attackers."

Certik說：“我們已經通知了仲裁團隊，並敦促用戶撤銷對惡意合同的任何批准，以防止進一步的損失。” “這種漏洞在Defi生態系統中很常見，在Defi生態系統中，幾個智能合約的安全措施較弱，並且很容易被攻擊者操縱。”

So far, the Arbitrum team has not made an official announcement regarding the breach. However, the breach brings into question the security infrastructure of the Arbitrum DeFi platform.

到目前為止，仲裁團隊尚未就違規行為進行正式宣布。但是，違規使索引基礎架構質疑索引平台的安全基礎架構。

If such vulnerabilities persist, they could diminish user confidence, prompting investors and liquidity providers to shift their funds to more secure platforms.

如果這樣的漏洞持續存在，他們可能會降低用戶信心，促使投資者和流動性提供商將其資金轉移到更安全的平台上。