A hacker managed to exploit a code vulnerability in the noncustodial protocol Arcadia Finance, resulting in a staggering loss of approximately $455,000. The hack was first detected by PeckShield, a prominent blockchain investigator, who promptly alerted the Arcadia Finance team.
PeckShield emphasized that the vulnerability stemmed from the absence of proper untrusted input validation in the code, which allowed the hacker to exploit the system and drain funds from the Ethereum-based darcWETH and Optimism-based darcUSDC vaults.
Shortly after PeckShield’s warning, Arcadia Finance confirmed the security breach and took immediate action by halting the contracts to prevent further financial damage. However, the investigation is ongoing, and concerns have emerged regarding another vulnerability in Arcadia’s code that could potentially exacerbate the situation if exploited. Specifically, PeckShield noted the absence of reentrancy protection, which enabled the hacker to bypass internal vault health checks and instantly liquidate the stolen assets.
Most of the pilfered funds, totaling approximately 180 Ether, were obtained from the Optimism network and subsequently laundered through Tornado Cash. Nevertheless, the tokens stolen from the Ethereum network, valued at over $103,000, remain untouched and parked in the suspected wallet address.
This recent breach adds to the growing list of security incidents that have plagued the crypto space in the second quarter of 2023. According to a report from CertiK, a blockchain security company, a total of 212 security incidents were recorded during this period, resulting in a staggering cumulative loss of $313,566,528 from various Web3 protocols.
While the figures indicate a decline of 58% in crypto hacks compared to the same quarter of the previous year, the impact remains significant. The BNB Smart Chain emerged as the most affected network, with 119 incidents leading to losses amounting to $70,711,385.