DeFi Faces Trust Issues: User Access Enables Latest Base Blockchain Vulnerability

CertiK, a prominent name in blockchain security, has disclosed that an unverified contract on the Base blockchain was exploited, causing users who had previously granted permissions to lose 55 Wrapped Ether (WETH), as detailed in a

. This event draws attention to persistent security gaps in decentralized finance (DeFi), where smart contract vulnerabilities continue to pose significant risks for both investors and developers.

The breach involved an unverified contract—an immediate warning sign within DeFi, where transparency and thorough auditing are standard expectations. CertiK’s investigation found that users had already authorized the compromised contract, which allowed the attacker to exploit these permissions and siphon off funds. Although the precise method of the attack is still being examined, the incident emphasizes the necessity of comprehensive smart contract reviews and careful user practices, according to the GlobeNewswire announcement.

This Base network exploit is part of a larger pattern of DeFi security incidents, where unverified contracts and improper permission management are frequent attack vectors. CertiK’s findings highlight that even well-audited projects can be at risk if users engage with unverified or inadequately managed contracts. The company has called on developers to focus on contract verification and ongoing oversight, while users should be diligent in checking their authorization settings, as noted in the GlobeNewswire announcement.