key takeaways:
- Arcadia Finance’s DeFi system was hacked on Ethereum and Optimism for $455K.
- A security flaw in Arcadia Finance’s DeFi protocol allowed a hacker to steal approximately $500,000 from its Ethereum and Optimism vaults.
In a significant blow to the decentralized finance (DeFi) sector, Arcadia Finance, a prominent protocol, has recently fallen victim to a devastating hack, resulting in a loss of $455,000. The breach targeted both Ethereum and Optimism, raising concerns about the security and vulnerabilities within the DeFi ecosystem.
DeFi protocol Arcadia Finance has informed users that it suffered a hack that cost it $455,000. According to blockchain security company PeckShield, this theft was made possible by holes in Arcadia’s code.
In March, the permissionless, non-custodial system Arcadia Finance was introduced on Ethereum and Optimism. Users are able to increase staked ether and trade spot with leverage.
PeckShield highlighted that the vulnerability was a result of inadequate validation of untrusted input in the code. This flaw allowed the hacker to exploit the system and drain funds from both the Ethereum-based darcWETH and Optimism-based darcUSDC vaults.
Following PeckShield’s warning, Arcadia Finance swiftly responded by suspending the contracts to prevent further financial harm. However, an ongoing investigation has raised concerns about another potential vulnerability in Arcadia’s code that, if exploited, could worsen the situation.
Specifically, PeckShield pointed out the lack of reentrancy protection, which enabled the hacker to bypass internal vault health checks and quickly liquidate the stolen assets.
The attacker swiftly moved by transferring around 179.3 ETH from the Optimism[OP] network. This sum was acquired by combining 148 ETH, which was bridged from the Ethereum network, and 59,000 USDC obtained through a swap.
The funds were then directed to Tornado Cash. By utilizing Tornado Cash, the attacker likely intended to obscure the transaction trail and create challenges in tracing the source of the funds.
This incident serves as a stark reminder of the persistent challenges faced by DeFi platforms and the need for enhanced security measures. In recent times Defi ecosystems have endured heavy losses, just a week back defi network PolyNetwork was hacked by leveraging smart contract features in the bridge tool of the cross-chain protocol.
