DeFi Protocol Hack Drains $455K from Arcadia Finance

A security vulnerability in Arcadia Finance’s DeFi protocol enabled a hacker to drain nearly half a million dollars from its Ethereum and Optimism vaults.

DeFi Protocol Hack Drains $455K from Arcadia Finance

Share this article

DeFi protocol Arcadia Finance fell victim to a code exploit, leading to a significant loss of approximately $455,000. Blockchain security firm PeckShield was the first to detect and reveal the breach, attributing it to a coding oversight concerning untrusted input validation.

The loophole allowed the infiltrator to drain funds from Arcadia’s Ethereum and Optimism vaults, leaving the DeFi protocol in a precarious position, according to PeckShield. Following the alert, Arcadia Finance quickly confirmed the breach and suspended the affected contracts, attempting to stymie further loss.

Further compounding the issue, PeckShield identified another vulnerability in Arcadia’s code “due to the lack of untrusted input validation.” The lack of reentrancy protection, which safeguards against multiple simultaneous entries into the protocol, could open the door for hackers to sidestep the protocol’s internal vault health check:

“In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.”

PeckShield’s findings suggest that the bulk of the stolen funds were from the Optimism vault, roughly 180 Ether, which have been allegedly moved through Tornado Cash, a privacy-centric Ethereum mixing service. The ETH, however, with a value exceeding $103,000 at the time of reporting, remains static in the suspected hacker’s wallet.

Arcadia notified its community on Twitter that it is in contact with the hacker, looking to utilize its community and security options for a quick resolution.

For Arcadia Finance, the road to recovery will likely involve extensive analysis of its current security systems and the implementation of more stringent measures to prevent such breaches in the future:

“Our number one priority is recovering funds for Arcadia protocol users.”

Share this article

Loading...