Arcadia Finance's DeFi protocol suffered a hack for $455K on Ethereum and Optimism

By: Henry Felix

Arcadia Finance's DeFi protocol suffered a hack for $455K on Ethereum and Optimism

July 10, 2023 11:13 AM

Due to a security flaw, the hacker was able to steal about $455,000 worth of Ethereum and Optimism from Arcadia's cold storage.


Arcadia Finance, a system for non-custodial decentralized finance (DeFi), was hacked for over $455,000 due to a flaw in the code.


The breach on Arcadia Finance was brought→ to light by blockchain investigator PeckShield, who attributed it to "the lack of untrusted input validation." According to reports, the code lacked a validation method for cross-checking unverified inputs. This flaw allows the hacker to steal $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults.


Arcadia Finance acknowledged the hack two hours after PeckShield's notification, and the contracts were then suspended to prevent further financial loss.

 


While the inquiries are being conducted, another flaw in the Arcadia code exists, which might have a devastating effect on the protocol. PeckShield→ explains:


"There was is also no security measure against re-entry, and that allows immediate liquidation get around an internal vault health check."


The vast majority of the stolen funds, approximately 180 Ether (ETH), originated from Optimism and washed→ away using Tornado Cash. However, the Ethereum tokens that were stolen are still sitting at the alleged wallet address, with a current market value of almost $103,000.


Over $300 million was lost due to hacks and exploits in the cryptocurrency industry during the second quarter of 2023.


According to CertiK, a blockchain security company, 212 security incidents were registered in the quarter, leading to a loss of $313,566,528 from Web3 protocols.


CertiK discovered that crypto hacks decreased by 58% when compared to the previous year's Q2 statistics. The BNB Smart Chain had the highest problems, with 119 incidences totaling $70,711,385 in losses.