Share this article
DeFi protocol Arcadia Finance fell victim to a code exploit, leading to a significant loss of approximately $455,000. Blockchain security firm PeckShield was the first to detect and reveal the breach, attributing it to a coding oversight concerning untrusted input validation.
#PeckShieldAlert Our community contributor has detected that @ArcadiaFi has been exploited on both #Ethereum and #Optimism for ~$455K
The exploiter on #Ethereum was frontrun by 0x5C75e94dD0Ab9c10BFd1B8073DafEF031D3c050dhttps://t.co/blGx5IEAkk
The exploiter on #optimism… pic.twitter.com/WDzF0XVcmL
— PeckShieldAlert (@PeckShieldAlert) July 10, 2023
The loophole allowed the infiltrator to drain funds from Arcadia’s Ethereum and Optimism vaults, leaving the DeFi protocol in a precarious position, according to PeckShield. Following the alert, Arcadia Finance quickly confirmed the breach and suspended the affected contracts, attempting to stymie further loss.
We are aware of a potential exploit in our protocol.
We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.
— Arcadia Finance (@ArcadiaFi) July 10, 2023
Further compounding the issue, PeckShield identified another vulnerability in Arcadia’s code “due to the lack of untrusted input validation.” The lack of reentrancy protection, which safeguards against multiple simultaneous entries into the protocol, could open the door for hackers to sidestep the protocol’s internal vault health check:
“In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.”
PeckShield’s findings suggest that the bulk of the stolen funds were from the Optimism vault, roughly 180 Ether, which have been allegedly moved through Tornado Cash, a privacy-centric Ethereum mixing service. The ETH, however, with a value exceeding $103,000 at the time of reporting, remains static in the suspected hacker’s wallet.
Arcadia notified its community on Twitter that it is in contact with the hacker, looking to utilize its community and security options for a quick resolution.
For Arcadia Finance, the road to recovery will likely involve extensive analysis of its current security systems and the implementation of more stringent measures to prevent such breaches in the future:
“Our number one priority is recovering funds for Arcadia protocol users.”
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.