Noncustodial Decentralized Finance (DeFi) protocol Arcadia Finance recently experienced a security compromise that resulted in a loss of over $455,000 as a result of a hacker exploiting a code weakness. The hacker was able to withdraw money from Arcadia’s Ethereum (darcWETH) and Optimism (darcUSDC) vaults because of the exploit.
PeckShield, a blockchain researcher, exposed the hack and identified the lack of untrusted input validation in Arcadia Finance’s code. The main flaw caused the security breach, enabling the hacker to exploit the system by neglecting to evaluate unverified inputs. The hacker took advantage and stole money as a result.
Arcadia Finance disputes PeckShield’s assessment and has not commented on media inquiries regarding the issue. Following PeckShield’s alert, the protocol swiftly confirmed the hack after two hours. It immediately paused the contracts to prevent further fund losses.
The current study has discovered a further vulnerability in Arcadia’s code related to reentrancy protection. This vulnerability’s potentially disastrous effects on the protocol make it even more urgent to address and improve security precautions.
The majority of the stolen money, about 180 Ether (ETH), originated from the Optimism vault and was laundered through Tornado Cash. The alleged wallet address still holds the stolen Ethereum network tokens, which are valued at more than $103,000.
The list of attacks and exploits in the bitcoin ecosystem is getting longer as a result of this security lapse. According to a survey by the blockchain security firm CertiK, the sector lost a total of over $300 million in just the second quarter of 2023. The research show that there were 212 security incidents in total during the quarter, costing $313,566,528 in losses from various Web3 protocols.
According to CertiK’s study, there has been a 58% decrease in cryptocurrency attacks since the same time last year. Binance Smart Chain (BNB) recorded the highest number of incidents, with 119 reported cases. These incidents caused damages totaling $70,711,385.
The ongoing Arcadia Finance hack investigation serves as a stark reminder of the importance of robust security measures. It highlights the need for thorough code audits in the rapidly evolving DeFi landscape.