Arcadia Finance, a decentralized finance (defi) protocol, has suffered a major setback, falling victim to a code exploit, resulting in a significant loss of approximately $455,000.
The breach was initially detected by blockchain security firm PeckShield, which identified a coding oversight related to untrusted input validation as the root cause of the vulnerability. Exploiting this coding loophole, a hacker managed to drain funds from Arcadia’s Ethereum and Optimism vaults, putting the defi protocol in a precarious position.
The company confirmed the breach on Twitter and suspended the affected contracts to minimize further losses.
PeckShield’s investigation further revealed another vulnerability in Arcadia’s code, highlighting the absence of untrusted input validation and reentrancy protection.
The lack of reentrancy protection allowed hackers to bypass the internal vault health check by enabling instant liquidation.
PeckShield’s findings indicate that the majority of the stolen funds, approximately 180 ethereum (ETH), originated from Arcadia’s Optimism vault. Allegedly, these funds were moved through Tornado Cash, an ethereum-based mixing service. However, the stolen ETH, valued at over $340,000 at the time of writing, remains stagnant in the suspected hacker’s wallet.
Defi exploits continue to challenge crypto space
This exploit adds to a series of high-profile attacks within the defi space. Just days before, the Multichain hack saw a staggering $130 million stolen. In response, stablecoin issuers Tether and Circle took action blacklisting five addresses connected to the stolen funds.
Earlier this month, the Poly Network also suffered a $5.5 million exploit, further highlighting concerns surrounding the security of defi protocols.
Arcadia Finance has been actively engaging with the hacker, seeking to leverage its community and security options to achieve a swift resolution. The protocol emphasized its commitment to recovering funds for its users as its top priority.
To regain trust and bolster security, Arcadia Finance is expected to conduct a thorough analysis of its existing security systems and implement more stringent measures to prevent future breaches.
“Our number one priority is recovering funds for Arcadia protocol users.”
Arcadia Finance on Twitter.
The impact of this breach is already evident, as a defi tlv aggregator DeFiLlama reported a significant 76% drop in Arcadia Finance’s total value locked (tel), falling from $605,000 to $143,000 within a short span of time.