Catenaa, Wednesday, March 19, 2025 – Blockchain security firm CertiK has uncovered a $140,000 exploit on Arbitrum, which was executed through a signature verification vulnerability.
The exploit allowed an attacker to bypass standard contract approvals and withdraw funds from multiple unverified swap adapter contracts.
The incident, detected on March 10, 2025, involved the attacker utilizing an arbitrary smart contract call vulnerability to execute fraudulent transactions without user consent. CertiK’s monitoring system flagged the exploit after suspicious activities were identified.
The attack unfolded when users unknowingly approved a malicious contract, which the attacker then used to reach their funds through external calls, bypassing signature validation. The stolen funds were subsequently withdrawn using the `transferFrom()` function, a common method in decentralized finance (DeFi) transactions. CertiK’s AI-powered tool, CertiKAIAgent, later issued a warning, urging users to revoke contract approvals to prevent further losses.
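As an added illustration (not code from the original article, and not the source of the affected adapters, which the article does not show), the hypothetical pair below contrasts an adapter that forwards arbitrary external calls, which turns every token allowance granted to it into funds anyone can pull with `transferFrom()`, against a hardened adapter that only spends the caller's own allowance and restricts which targets and functions it may call. All contract, function and parameter names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by the adapters below (hypothetical interface subset).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

/// HYPOTHETICAL vulnerable pattern, for illustration only.
/// Users grant this contract an allowance so it can route their swaps.
/// Because `execute` forwards caller-chosen calldata to a caller-chosen target,
/// any account can make the adapter call token.transferFrom(victim, anyone, amount)
/// against an allowance some other user granted to the adapter. No signature,
/// ownership or msg.sender check is ever consulted, so the approval itself is the
/// only thing protecting the victim's balance.
contract VulnerableSwapAdapter {
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

/// Hardened variant (also hypothetical). Three properties close the hole:
///  1. tokens are only ever pulled from msg.sender, so an allowance can only be
///     spent by the account that granted it;
///  2. the adapter only calls routers on an immutable-at-deploy allow-list;
///  3. only allow-listed function selectors may be forwarded, so the adapter
///     cannot be steered into calling transferFrom or approve on a token.
contract HardenedSwapAdapter {
    mapping(address => bool) public allowedRouter;
    mapping(bytes4 => bool) public allowedSelector;

    constructor(address[] memory routers, bytes4[] memory selectors) {
        for (uint256 i = 0; i < routers.length; i++) {
            allowedRouter[routers[i]] = true;
        }
        for (uint256 i = 0; i < selectors.length; i++) {
            allowedSelector[selectors[i]] = true;
        }
    }

    /// Pull `amountIn` of `tokenIn` from the caller, grant the router a
    /// just-in-time allowance, forward the allow-listed swap call, then reset
    /// the router allowance so nothing lingers after the swap.
    function swap(
        IERC20 tokenIn,
        uint256 amountIn,
        address router,
        bytes calldata data
    ) external returns (bytes memory) {
        require(allowedRouter[router], "router not allowed");
        require(data.length >= 4, "calldata too short");
        require(allowedSelector[bytes4(data[:4])], "selector not allowed");

        // Only the caller's own allowance is ever consumed.
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(tokenIn.approve(router, amountIn), "approve failed");

        (bool ok, bytes memory ret) = router.call(data);
        require(ok, "swap failed");

        // Do not leave a standing allowance on the router.
        require(tokenIn.approve(router, 0), "approve reset failed");
        return ret;
    }
}
```

The hardened adapter still relies on the routers it is deployed with being trustworthy, so the allow-list is the part that deserves review before deployment, and users are still best served by approving only the amount a swap needs and revoking allowances to contracts they no longer use, which is the mitigation the article reports CertiK recommending.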
This exploit is part of a larger wave of security breaches affecting the crypto industry. A report from Immunefi revealed that crypto hacks and exploits reached $1.5 billion in losses in February 2025, with DeFi platforms being the most targeted. The attack on Arbitrum, which has yet to be addressed by the platform, could further erode confidence in the blockchain and prompt users to withdraw their assets, damaging its reputation.
