DeFi Exploit Season Not Over as Arcadia Finance Loses $455,000

Reports are emerging that the decentralized finance (DeFi) platform Arcadia Finance may have become the latest exploit victim. A leading blockchain security firm has detected spurious transactions on the network, but Arcadia has yet to confirm.

On July 10, blockchain security firm PeckShield reported that one of its community contributors detected an exploit on margin lending platform Arcadia Finance.

Another DeFi Exploit

The platform had been exploited on Ethereum and layer-2 network Optimism for around $455,000, it reported.

It added that the exploiter has already transferred around 179 ETH by bridging 148 ETH and swapping 59,000 USDC to Tornado Cash.

Arcadia Finance flow of stolen funds. Source: Twitter/@PeckShieldAlert
Arcadia Finance flow of stolen funds. Source: Twitter/@PeckShieldAlert

PeckShield added that its analysis of the hack shows that the losses are “due to the lack of untrusted input validation, which is exploited to drain funds from both darcWETH and darcUSDC vaults.”

Additionally, “there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check,” it added.

There were no alerts, updates, or further details on the Arcadia Finance Twitter feed.

BeInCrypto reached out to Arcadia Finance for further details but had not received a response at the time of publication. Arcadia is a non-custodial protocol enabling composable cross-margin accounts on-chain.

Additionally, DeFiLlama reported a sharp drop in Arcadia Finance TVL a couple of hours ago. It fell 76% from $605,000 to $145,000.

DeFi Exploits Not Slowing

The latest DeFi exploit follows the $126 million Multichain hack on July 7. Over the weekend, stablecoin issuers Tether and Circle blacklisted five addresses that received some of the stolen funds.

Furthermore, the Poly Network was exploited again earlier this month, losing $10 million to hackers.  

In a related development, Solana-based leveraged NFT trading platform Robox also reported an exploit on June 10.

“We have detected and confirmed malicious activity that has resulted in the exploitation of our aggregated liquidity pool.”

However, details were few and far between at the time of writing.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Source: https://beincrypto.com/defi-arcadia-finance-exploited-455000-tvl/