A hacker extracted approximately $455,000 from the non-custodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.
Blockchain Researcher PeckShield alerted about the hack at Arcadia Finance, highlighting the cause as “the lack of unreliable input validation.” The code supposedly lacked a validation mechanism to check unverified input. This loophole allowed the hacker to drain approximately $455,000 worth of funds from the Ethereum (darcWETH) and Optimism (darcUSDC) vaults.
Arcadia Finance has not yet responded to Cointelegraph’s request for comment.
Arcadia Finance confirmed the hack two hours after PeckShield’s hint and subsequently halted the contracts to prevent further loss of funds.
We are aware of a possible exploit in our protocol.
We have paused contracts and are investigating the root cause with security experts as we speak. More information will follow as it becomes available.— Arcadia Finance (@ArcadiaFi) July 10, 2023
While investigations are ongoing, the Arcadia code harbors another vulnerability, which could prove catastrophic to the protocol if exploited. According to PeckShield:
“In addition, there is a lack of re-entry protection, allowing instant settlement to bypass internal control of the vault.”
Most of the stolen funds were from Optimism, approximately 180 Ether (ETH), and have been washed through Tornado Cash. However, the stolen Ethereum tokens, worth more than $103,000 at the time of writing, remain parked at the suspected wallet address.
Related: Multi-chain MPC bridge sees departures of more than $100 million, raising fears of exploitation
In the second quarter of 2023, attacks and exploits in the crypto space resulted in a cumulative loss of more than $300 million.
A report by blockchain security firm CertiK showed that a total of 212 security incidents were recorded in the quarter, resulting in a loss of $313,566,528 from Web3 protocols.
Compared to data from the second quarter of the prior year, CertiK found that crypto hacks decreased by 58%. Of all, BNB Smart Chain recorded the most incidents, with 119 incidents resulting in $70,711,385 in losses.
Pick up this item as NFT to preserve this moment in history and show your support for independent journalism in the crypto space.
Magazine: Should kids be on the ‘orange pill’? The case of Bitcoin children’s books
