CertiK Identifies $140K Signature Verification Exploit on Arbitrum

Blockchain security firm CertiK has detected a significant exploit on Arbitrum, where an attacker leveraged a signature verification vulnerability to steal approximately $140,000 from various smart contracts.

The breach, identified on March 10, was initially flagged by CertiK’s alert system, which pointed to multiple suspicious transactions carried out by the attacker.

#CertiKInsight 🚨

We have detected multiple suspicious transactions on Arbitrum by 0x97d8170e04771826a31c4c9b81e9f9191a1c8613, who likely exploited an arbitrary call vulnerability to circumvent signature validation and drain ~$140K from various unverified swap adapter contracts… pic.twitter.com/mzfxoFBArF

— CertiK Alert (@CertiKAlert) March 10, 2025

How the Hacker Stole $140K from Arbitrum

CertiK revealed that the exploit was executed through an arbitrary smart contract call vulnerability, effectively allowing the attacker to bypass signature verification mechanisms.

Typically, signature verification ensures that only authorized smart contract actions can be executed.

However, in this case, the attacker managed to deceive victims into unknowingly approving a fraudulent contract.

Once granted approval, the malicious contract initiated external calls, allowing the attacker to transfer funds without requiring legitimate user signatures.

CertiK’s AI-powered transaction monitoring tool, CertiKAIAgent, later issued a follow-up alert, warning users about the exploit.

According to CertiKAIAgent, the attack followed a predictable but highly effective method often seen in DeFi security breaches.

🚨 POTENTIAL EXPLOIT DETECTED! 🚨#CertiKAIAgent
A suspicious transaction https://t.co/bvwvBNHrJy on Arbitrum may indicate an Arbitrary External Call Exploit!

🔎 Key Findings:
⚠️ Victim unknowingly approved attacker’s contract
💰 External CALL detected – possible external…

— CertikAIAgent (@CertikAIAgent) March 10, 2025

The attacker first deployed a malicious contract to exploit vulnerabilities in unverified swap adapter contracts.

Unsuspecting users then unknowingly approved the contract, providing the attacker with the necessary permissions.

By leveraging external function calls, the attacker bypassed signature verification and transferred funds out of user wallets.

Finally, the stolen assets were withdrawn via the `transferFrom()` function, which is commonly used in DeFi transactions.

Furthermore, the AI urged affected users to revoke contract approvals immediately to mitigate further losses.

The attack on Arbitrum could erode confidence in the platform, especially if security loopholes persist. Such incidents often lead to liquidity providers and traders withdrawing funds.

The Arbitrum team has yet to respond publicly to the incident. However, it is clear something is definitely not right on the chain.

Crypto Security Breaches: A Growing Concern

The attack on Arbitrum is the latest in a series of high-profile security breaches plaguing the cryptocurrency sector.

A recent report by Immunefi, a leading blockchain security firm, detailed that February 2025 saw an astronomical surge in losses due to crypto hacks and exploits.

According to the report, total losses in February reached a staggering $1.5 billion, an almost 20x increase from January’s $73.9 million.

🚨Losses in the crypto ecosystem increased by 20x month-over-month in February compared to January 2025, according to @immunefi.#cryptohack #cryptofraudhttps://t.co/djRj7WL9on

— Cryptonews.com (@cryptonews) February 28, 2025

The biggest contributor to these losses was the Bybit exchange hack, which accounted for $1.46 billion and was the largest crypto hack in history.

Other significant breaches included Infini Stablecoin Bank, which lost $49.5 million; zkLend, which suffered a $9.5 million exploit; Ionic Money, which reported losses of $8.6 million; and Cardex, which lost $400,000 due to an attack.

Year to date, the cryptocurrency sector has already suffered over $1.6 billion in losses, surpassing the total losses recorded for the entirety of 2024.

Interestingly, the report highlights that while decentralized finance (DeFi) suffered more attacks, centralized finance (CeFi) platforms accounted for a significantly larger portion of total funds lost.

The Bybit hack alone contributed to over 95.5% of total losses in February, reinforcing concerns about the security of centralized exchanges.

Meanwhile, BNB Chain and Ethereum were the most frequently targeted blockchain networks, experiencing four attacks each.

As it stands now, Arbitrum has yet to release an official statement, and the attack has undoubtedly caused commotion in the crypto community, especially those that use the chain.

If this security concern remains unaddressed, the chain risks losing user trust and liquidity, potentially stalling further growth.