DeFi Protocol Hack Raises $455K From Arcadia Finance
Share this article
DeFi protocol Arcadia Finance has fallen victim to a code exploit, resulting in a massive loss of nearly $455,000. Blockchain security firm PeckShield was the first to discover the breach, which involved code control over untrusted resource authentication.
#PeckShieldAlert saw our community contribution @ArcadiaFi leveraged for ~$455K in both #Ethereum and #Optimism.
The exploit on #Ethereum was preceded by 0x5C75e94dD0Ab9c10BFd1B8073DafEF031D3c050d
Exploited by #brightness… pic.twitter.com/WDzF0XVcmL
— PeckShieldAlert (@PeckShieldAlert) July 10, 2023
The vulnerability allowed the hacker to withdraw funds from Arcadia's Ethereum and Optimum vaults, leaving the DeFi protocol vulnerable, according to PeckShield. Following the alert, Arcadia Finance quickly confirmed the breach and suspended the affected contracts in an attempt to stem further losses.
We know there is a potential exploit in our protocol. We have temporarily suspended the contracts and are investigating the cause with security experts. More information will follow as it becomes available.
— Arcadia Finance (@ArcadiaFi) July 10, 2023
Complicating matters further, PeckShield also disclosed another vulnerability in Arcadia's code “due to an incredible lack of input validation.” The lack of re-entry protection against multiple simultaneous entries into the protocol can open the door for hackers to bypass the protocol's internal vault health checks.
“There is also a lack of re-entry protection, which allows rapid liquid to bypass internal vault health checks.”
PeckShield's findings indicate that most of the stolen funds were approximately 180 Ether from Optisism Vault, which were moved by Tornado Cash, a privacy-focused Ethereum hybrid service. ETH, however, remains stable in the suspected hacker's wallet, worth more than $103,000 at the time of reporting.
Arcadia announced on Twitter that it has contacted the hacker to use its community and security options for a quick fix.
For Arcadia Finance, the road to recovery will include an extensive analysis of its current security systems and the implementation of more stringent measures to prevent such breaches in the future.
“Our number one priority is refunding Arcadia Protocol users.”
Share this article
The information on or included in this website is obtained from independent sources that we believe to be accurate and reliable, but we make no representations or warranties as to the timeliness, completeness or accuracy of any information on or accessible from this website. . Decentralized Media, Inc. Not an investment advisor. We do not provide personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may be out of date, or may be incomplete or incorrect. We may, but are not obligated to, update any outdated, incomplete or inaccurate information.
You should not make an investment decision in an ICO, IEO or other investment based on the information on this website and you should never interpret or rely on any information on this website as investment advice. If you are seeking investment advice on an ICO, IEO or other investment, we strongly recommend that you consult a licensed investment advisor or other qualified financial professional. We do not receive compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities or commodities.
See full terms and conditions.
