Arcadia Finance, a non-custodial DeFi protocol, has been breached by a hacker who exploited a programming flaw and stole approximately $455,000 from the protocol.
#PeckShieldAlert Our community contributor has detected that @ArcadiaFi has been exploited on both #Ethereum and #Optimism for ~$455K
The exploiter on #Ethereum was frontrun by 0x5C75e94dD0Ab9c10BFd1B8073DafEF031D3c050dhttps://t.co/blGx5IEAkk
The exploiter on #optimism… pic.twitter.com/WDzF0XVcmL
— PeckShieldAlert (@PeckShieldAlert) July 10, 2023
The investigation also uncovered an additional vulnerability in Arcadia’s code that poses a significant threat to the protocol – the lack of reentrancy protection. According to PeckShield, this flaw will enable swift liquidation of its funds and easy bypasses of its vault’s internal health check.
Upon receiving the report, Arcadia Finance promptly acknowledged the incident and suspended the affected contracts to prevent further financial losses.
We are aware of a potential exploit in our protocol.
We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.— Arcadia Finance (@ArcadiaFi) July 10, 2023
Most of the stolen funds were from the protocol’s Optimism vault, and they were subsequently laundered through Tornado Cash. However, the ETH tokens in the loot, valued at over $103,000, are still in the hacker’s suspected wallet address.
This security breach adds to a series of similar incidents within the crypto industry during the second quarter of 2023. CertiK, another blockchain security firm, identified 212 security issues in Web3 protocols during this period, all of which resulted in losses totaling $313,566,528. Most of these breaches often a result of hackers exploiting vulnerabilities in the affected protocol’s code.
In a separate development, NFT platform, Foundation narrowly escaped a catastrophic event which could’ve caused most of the NFTs hosted on it to be lost permanently.
The platform’s CTO, Elpizo Choi, recently announced the successful resolution of a critical problem related to the self-destruct function in the platform’s code.
Choi stated the issue had been fixed for contracts deployed before March 6, 2023, and contracts deployed after this date were already considered secure. This self-destruction risk was first discovered by 0xngmi, co-founder of DeFiLlama, and brought to public attention on June 21, 2023.
The Arcadia Finance incident is a stark reminder of the persistent vulnerabilities within DeFi protocols and highlights the urgent need for comprehensive security measures to safeguard users’ funds.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”