Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Ecosystem » Exploiters drain $2 million from Mozaic Finance

Exploiters drain $2 million from Mozaic Finance

by

Mozaic Finance faces a security setback with a significant fund loss.

Exploiters drain $2 million from Mozaic Finance

Share this article

Cross-chain yield protocol Mozaic Finance suffered an exploit on Mar. 15, resulting in a loss of $2,012,789. Security firm CertiK reported that the vaults were compromised through a function named ‘bridgeViaLifi,’ which indicates a private key compromise (PKC) as it required authorization from the Master role, which is typically reserved for the most privileged entity within the contract’s hierarchy.

After snagging over $2 million, the exploiters deposited the funds into the crypto exchange MEXC. Mozaic announced the exploit on an X post and two hours later published a link for their refunding initiative for affected users, who were able to recover their funds by checking their wallets’ eligibility.

“In light of the recent exploit, we are committed to fully compensating affected users. Our plan includes immediate steps for security enhancements and detailed compensation procedures. We appreciate your patience and trust as we work to resolve this issue,” Mozaic stated on its refund page.

Exploits via PKC were the most harmful in 2023, with over $882 million stolen through those attack vectors, according to CertiK’s “Hack3d: The Web3 Security Report.”

Joe Green, Head of the Quick Response Team at CertiK, shared that 21 incidents involving PKC occurred in 2024, with losses exceeding $230 million. This already represents 26% of all the amount stolen last year.

Exploiters drain $2 million from Mozaic Finance
CertiK’s data on 2024’s exploits by PKC. Image: CertiK

“Unfortunately, it is likely that private key compromises will continue to be a major driver for losses throughout 2024. Last year we saw ~$882m lost to private key compromises and we’re already at ~$230m this year (according to our most up to date information),” Green concluded.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.