DeFi protocol: Arcadia Finance loses about $455k on Ethereum and Optimism due to hack

Arcadia Finance, a noncustodial decentralized finance (DeFi) protocol, fell victim to a hack in which approximately $455,000 worth of funds were drained from its Ethereum and Optimism vaults. The exploit was made possible by a code vulnerability within the protocol.

PeckShield, a blockchain investigator, raised the alarm about the hack and identified the cause as a “lack of untrusted input validation” in the code. Essentially, the code did not have a mechanism to verify unverified inputs, creating a loophole that allowed the hacker to siphon funds from Arcadia’s Ethereum (darcWETH) and Optimism (darcUSDC) vaults.

While several media platforms reached out to Arcadia Finance for comment on the hack, the team has yet to respond. However, they did inform Cointelegraph that PeckShield’s identified root cause was incorrect.

Arcadia Finance acknowledged the hack two hours after being alerted by PeckShield and took immediate action by pausing the contracts to prevent further loss of funds. Investigations into the incident are currently ongoing. Additionally, PeckShield discovered another vulnerability in Arcadia’s code that, if exploited, could have catastrophic consequences for the protocol. This vulnerability involves a lack of reentrancy protection, which allows for instant liquidation to bypass internal vault health checks.

The majority of the stolen funds, approximately 180 Ether, originated from Optimism and have been laundered using Tornado Cash. However, the stolen tokens on Ethereum, valued at over $103,000 at the time of writing, remain within the suspected wallet address.

The second quarter of 2023 witnessed several hacks and exploits in the crypto space, resulting in a cumulative loss exceeding $300 million. According to a report by CertiK, a blockchain security company, there were 212 security incidents recorded during this period, leading to a total loss of $313,566,528 from various Web3 protocols.

CertiK’s analysis revealed a 58% decline in crypto hacks compared to the same quarter of the previous year. Among the incidents, the BNB Smart Chain experienced the highest number, with 119 recorded hacks resulting in losses totaling $70,711,385. These figures highlight the ongoing challenges faced by the crypto industry in ensuring the security and integrity of its protocols.