Certik于3月10日在UTC上发布了X上的警报，突出显示了仲裁网络中的“任意呼叫漏洞”。

攻击者在系统中使用此缺陷，欺骗用户批准欺诈性交易，这导致大约14万美元的损失。该消息再次引起了有关加密安全性的问题，许多加密平台增强了他们的安全措施。

CertiK, the leading blockchain security and data analytics company, has detected an arbitrary call vulnerability to circumvent signature validation on Arbitrum.

领先的区块链安全和数据分析公司Certik已检测到一个任意调用的漏洞，以规避索引签名验证。

The vulnerability allows attackers to deceive users into approving a malicious contract, which can then make external calls and siphon user funds without requiring any valid signatures. So far, the vulnerability has resulted in the theft of approximately $140k.

该漏洞使攻击者可以欺骗用户批准恶意合同，然后可以进行外部呼叫，并在不需要任何有效的签名的情况下进行启动用户资金。到目前为止，漏洞已导致盗窃约14万美元。

Arbitrum Vulnerability: A Pressing Concern for DeFi Security

仲裁漏洞：对Defi安全的紧迫关注

The vulnerability, which has now been patched, could be exploited by attackers to forge signatures and steal funds from unsuspecting victims. This exploit is typical of several smart contracts in the DeFi ecosystem, which are known to have weak security measures and can be easily manipulated by attackers.

现在已经修补的脆弱性可以被攻击者利用，以伪造签名并从毫无戒心的受害者身上窃取资金。这种利用是Defi生态系统中几个智能合约的典型特征，该合同已知安全措施较弱，并且很容易被攻击者操纵。

CertiK’s blockchain transaction monitoring system, CertiKAIAgent, detected multiple suspicious transactions linked to this exploit. After identifying the security breach, CertiK quickly urged users to revoke any associated approvals to prevent further losses.

Certik的区块链交易监控系统Certikaiagent检测到与此漏洞相关的多次可疑交易。确定安全漏洞后，Certik迅速敦促用户撤销任何相关的批准，以防止进一步的损失。

However, despite these efforts, the vulnerability has already resulted in significant losses for several users. The company is urging all users of the Arbitrum network to remain vigilant and take the necessary precautions to protect their assets.

但是，尽管做出了这些努力，但脆弱性已经导致了几个用户的巨大损失。该公司正在敦促索意网络的所有用户保持警惕，并采取必要的预防措施来保护其资产。

CertiK's Role in Mitigating Arbitrum Vulnerability

Certik在减轻索念脆弱性中的作用

Having identified the vulnerability and the ensuing activity, CertiK researchers have reached out to the Arbitrum team to coordinate further response and mitigation efforts.

确定了脆弱性和随之而来的活动后，Certik的研究人员已与仲裁团队联系，以协调进一步的响应和缓解工作。

"We have notified the Arbitrum team and are urging users to revoke any approval for the malicious contract to prevent further losses," said CertiK. "This vulnerability is common in the DeFi ecosystem, where several smart contracts have weak security measures and can be easily manipulated by attackers."

Certik说：“我们已经通知了仲裁团队，并敦促用户撤销对恶意合同的任何批准，以防止进一步的损失。” “这种漏洞在Defi生态系统中很常见，在Defi生态系统中，几个智能合约的安全措施较弱，并且很容易被攻击者操纵。”

So far, the Arbitrum team has not made an official announcement regarding the breach. However, the breach brings into question the security infrastructure of the Arbitrum DeFi platform.

到目前为止，仲裁团队尚未就违规行为进行正式宣布。但是，违规使索引基础架构质疑索引平台的安全基础架构。

If such vulnerabilities persist, they could diminish user confidence, prompting investors and liquidity providers to shift their funds to more secure platforms.

如果这样的漏洞持续存在，他们可能会降低用户信心，促使投资者和流动性提供商将其资金转移到更安全的平台上。