July 10, 2023 at 09:55 GMT (modified: July 10, 2023 at 09:55 GMT)

Arcadia Finance suffers $455k exploit

A $455,000 hack was reported today on the non-custodial DeFi protocol Arcadia Finance, which supports on-chain cross-margin accounts.

The DeFi industry woke up to a $455,000 hack today, Monday 10 July. It hit Arcadia Finance, a non-custodial decentralised finance protocol that supports on-chain cross-margin accounts.

The attacker drained funds from the protocol's Ethereum (darcWETH) and Optimism (darcUSDC) vaults by exploiting a code vulnerability.

Blockchain investigator PeckShield was the first to raise the alert. It identified the cause of the malicious activity as “the lack of untrusted input validation”.

Arcadia Finance confirmed the hack two hours later in an announcement, telling its users that it had paused the contracts to prevent further loss of funds.

The exploit resulted from a failure of the validation mechanism that cross-checks unverified inputs. The hacker got away with approximately 180 Ether from Optimism, consisting of 148 $ETH that was bridged from the Ethereum network and 59,000 $USDC that was swapped. While the former was laundered through Tornado Cash, the tokens stolen from Ethereum remain parked at the suspected wallet address.

PeckShield also warned Arcadia Finance of another vulnerability in its code that was at risk of being exploited, stating: “In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.”