DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455k
DeFi News

DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455k

A loophole in the code allowed the hacker to drain funds worth roughly $455,000 from Arcadia’s Ethereum (darcWETH) and Optimism (darcUSDC) vaults collectively.

DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455k

NEWS

A hacker drained approximately $455,000 from non-custodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.

Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, pointing out the cause as “the lack of untrusted input validation.” The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults collectively.

Arcadia Finance code required no validation of untrusted input. Source: PeckShield

Arcadia Finance has not yet responded to Cointelegraph’s request for comment.

Arcadia Finance confirmed the hack two hours after PeckShield’s intimation and subsequently paused the contracts to prevent further bleeding of funds.

Advertisement

This new DeFi guide may just In time for the next DeFi summer, are you ready?

Ad

While the investigations are underway, Arcadia’s code houses another vulnerability, which could prove catastrophic for the protocol if exploited. According to PeckShield:

“In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.”

The majority of the stolen funds — approximately 180 Ether 

ETH

$1,855

 — were from Optimism, and have been washed via Tornado Cash. However, the stolen tokens — worth over $103,000 at the time of writing — on Ethereum remain parked at the suspected wallet address.

Related: Multichain MPC bridge sees $100M+ outflows, sparking fears of exploit

In Q2 of 2023, hacks and exploits in the crypto space resulted in a cumulative loss of over $300 million.

A report by blockchain security company CertiK showed that a total of 212 security incidents were recorded in the quarter, resulting in a loss of $313,566,528 from Web3 protocols.

When compared to the previous year’s Q2 data, CertiK found that the crypto hacks declined by 58%. Out of the lot, BNB Chain recorded the most incidents, with 119 incidents leading to $70,711,385 in losses.

Leave feedback about this

  • Quality
  • Price
  • Service

PROS

+
Add Field

CONS

+
Add Field
Choose Image
Choose Video
X