Feb 19, 2025

Security is the foundation of Firoza Finance, and we take proactive measures to protect our users and platform.
On February 7, 2025, during ongoing development, an update to our codebase unintentionally exposed a server private key, which was exploited by a malicious third party. This resulted in an unauthorized withdrawal of $22K of Pool Profits before our security systems detected and contained the incident.
It is important to note that:
· No user deposits were affected
· All platform funds remain fully secure
· The $22K in withdrawn profits will be fully covered by Firoza Finance to ensure no impact on user earnings
· We immediately initiated a full-scale security review to prevent future risks
As soon as we were alerted to the incident, we immediately put the platform into maintenance mode to allow our teams to conduct an extensive review of all security systems, identify all potential vulnerabilities, and implement a structured action plan to reinforce the protocol.
How It Happened & Our Response
On February 7, 2025, our real-time monitoring flagged unusual activity within the protocol. Upon further investigation, our security team discovered that a private key had been unintentionally exposed during a routine code update, allowing an attacker to execute unauthorized withdrawals.
Our immediate response included:
· Isolating the vulnerability & containing the exploit – Unauthorized access was stopped swiftly, and the protocol was put into maintenance mode.
· Limiting impact – Less than 1% of total TVL ($1.9M+) was affected. By design, the protocol protected user funds, and all user funds remained intact.
· Security Review Initiated – We conducted a full-scale internal security audit to assess risks and eliminate potential future threats.
· Strengthening Our Security Model – We began implementing comprehensive security upgrades to reinforce our infrastructure.
Maintenance Mode Until Enhancements Are Complete
To ensure all fixes are fully implemented and tested, the Firoza Finance platform is currently in maintenance mode while we:
· Complete smart contract updates & security enhancements
· Update platform backend and automations to align with the above enhancements
· Optimize the front-end for better visibility of pool contract interactions
Once restored, all access, funds, and profits will be exactly as they were before the exploit.
HAQQ Network secures Firoza Finance
Firoza Finance operates on HAQQ Network, leveraging its secure, scalable blockchain infrastructure.
This incident was an isolated event within Firoza Finance’s development environment, and HAQQ’s security and blockchain integrity were never compromised.
Our ongoing collaboration with HAQQ remains strong, and these security enhancements will ensure even greater resilience as we continue to scale.
Strengthening Security for the Future
We have taken decisive action to eliminate risks and reinforce security at every level.
· Smart Contract Hardening – Redesigning contract structures to eliminate private key exposure risks.
· Multi-Signature Transactions – Implementing multi-sign approvals to limit transfer-related vulnerabilities.
· Revamped Access Controls – Removing outdated permissions to prevent unintended exposure.
· Enhanced Multi-Factor Authentication (MFA) – Strengthening security across all development environments.
· Independent Security Audits & Penetration Testing – Conducting comprehensive reviews with third-party security experts.
These upgrades ensure that Firoza Finance meets and exceeds institutional-grade security standards, further strengthening the LibFi ecosystem.
Relaunch Timeline: What’s Next?
Current Status:
· Dapp is in maintenance mode while fixes are being implemented
· Smart contract integrity revalidation underway
Upcoming Timeline:
· February 18th – February 25th – Finalizing security enhancements, updating smart contracts, and backend improvements
· March 10th, 2025 – Platform relaunch with expanded protections and an improved user experience
Once restored, users will regain full access to their funds and expected profits, with even stronger security measures in place.
Commitment to Transparency & Security
We believe in 100% transparency and have taken the time to ensure that all corrective actions are in place before making this announcement.
This incident has reinforced our commitment to:
· Proactive security monitoring
· Ongoing security updates
· Delivering a safe, seamless DeFi experience
Beyond security, we are also expanding opportunities for our users:
· New investment pools & diversified earning strategies
· Enhanced UX and accessibility
· A stronger, more resilient Firoza Finance ecosystem
We appreciate our community’s trust as we continue building the future of secure, ethical DeFi.
Long-Term Security Commitment
Our security-first approach includes:
· Regular independent audits & penetration testing
· Ongoing security updates & proactive risk monitoring
· Transparent security disclosures for our community
For responsible security disclosure, contact us at: security@firoza.finance
Track TVL & Growth: https://defillama.com/protocol/firoza-finance
Visit Firoza Finance: https://firoza.finance
We remain dedicated to scaling Firoza Finance with stronger security, enhanced protections, and new investment opportunities for all users.