Arcadia Finance, a decentralized finance (DeFi) protocol, fell victim to a hack where a hacker exploited a code vulnerability resulting in the unauthorized withdrawal of approximately $455,000. The lack of proper validation in the code allowed the hacker to drain funds from the Ethereum (darcWETH) and Optimism (darcUSDC) vaults. PeckShield, a blockchain investigator, identified the cause as a “lack of untrusted input validation” in the code.
A request for comment from Arcadia Finance remains unanswered as of now. However, two hours after being alerted by PeckShield about the hack, Arcadia Finance acknowledged the incident and took action by pausing the contracts to halt any additional loss of funds.
As the investigations continue, there is another vulnerability present in Arcadia’s code that has the potential to cause severe damage to the protocol if taken advantage of. PeckShield points out that there is a “lack of protection against reentrancy, which allows for instant liquidation to bypass the internal vault health check.”
The majority of the stolen funds, approximately 180 Ether, were taken from Optimism and have been laundered using Tornado Cash. However, the stolen tokens on the Ethereum network, valued at over $103,000 at the time of writing, remain in the suspected wallet address.
During the second quarter of 2023, the crypto space experienced multiple hacks and exploits, resulting in a combined loss exceeding $300 million.
According to a report by CertiK, a blockchain security company, a total of 212 security incidents were reported during the quarter, leading to a loss of $313,566,528 from Web3 protocols.
When compared to the same period in the previous year, CertiK found that crypto hacks decreased by 58%. Among these incidents, the BNB Smart Chain encountered the highest number, with 119 recorded cases resulting in losses totaling $70,711,385.
