Arcadia Finance Exploited: $2.5M Stolen and Converted to WETH

A devastating cyber attack has hit the decentralized finance (DeFi) platform Arcadia Finance, resulting in the theft of approximately $3.5 million in cryptocurrency.

The attacker exploited a vulnerability in Arcadia's Rebalancer contract by abusing arbitrary swapData parameters, enabling a rogue swap that drained assets from user vaults. This exploit unfolded on Tuesday at 04:05:58 UTC and was carried out within a minute of deployment, according to an alert from blockchain security company Cyvers.
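One way to constrain swapData of the kind described above, shown as an added Python example (not Arcadia's or Cyvers' code): an off-chain check that decodes the parameter and rejects any router or function selector that is not on an allowlist. The layout `abi.encode(address router, uint256 amountIn, bytes data)`, the router address, the selector and all names are assumptions constructed for illustration.

```python
# Added example: off-chain sanity check for a rebalancer call's swapData.
# ASSUMPTION: swapData = abi.encode(address router, uint256 amountIn, bytes data).
WORD = 32

# Hypothetical allowlist (constructed): router address -> permitted selectors.
TRUSTED_ROUTER = "0x" + "11" * 20
ALLOWED = {TRUSTED_ROUTER: {bytes.fromhex("a1b2c3d4")}}


def _word(buf, offset):
    """Return the 32-byte ABI word at offset, rejecting truncated input."""
    if offset + WORD > len(buf):
        raise ValueError("truncated word at offset %d" % offset)
    return buf[offset:offset + WORD]


def decode_swap_data(buf):
    """Decode (router, amountIn, data) from the assumed ABI layout."""
    head = _word(buf, 0)
    if any(head[:12]):
        raise ValueError("non-zero padding in address word")
    router = "0x" + head[12:].hex()
    amount_in = int.from_bytes(_word(buf, WORD), "big")
    data_off = int.from_bytes(_word(buf, 2 * WORD), "big")
    length = int.from_bytes(_word(buf, data_off), "big")
    start = data_off + WORD
    if start + length > len(buf):
        raise ValueError("data length overruns buffer")
    return router, amount_in, buf[start:start + length]


def check_swap_data(buf, allowed=ALLOWED):
    """Return a list of findings; an empty list means the call passes."""
    try:
        router, _amount, data = decode_swap_data(buf)
    except ValueError as exc:
        return ["malformed swapData: %s" % exc]
    selectors = allowed.get(router)
    if selectors is None:
        return ["router %s is not allowlisted" % router]
    if data[:4] not in selectors:
        return ["selector 0x%s not permitted" % data[:4].hex()]
    return []


def encode_swap_data(router, amount_in, data):
    """Build a constructed sample in the assumed layout."""
    pad = bytes(-len(data) % WORD)
    return (bytes(12) + bytes.fromhex(router[2:]) + amount_in.to_bytes(WORD, "big")
            + (3 * WORD).to_bytes(WORD, "big") + len(data).to_bytes(WORD, "big")
            + data + pad)
```

The same default-deny rule belongs in the contract itself; the off-chain form is useful for monitoring calls to an already deployed rebalancer.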

The malicious contract deployed by the attacker triggered the exploit, which led to the theft of about 2.3 million USDC (US Dollar Coin) and around 227,000 USDS (United States Dollar Stablecoin). The stolen tokens were then swapped to Wrapped Ethereum (WETH) on the Base network and bridged over to the Ethereum mainnet.

Cyvers reported that all looted funds resided behind fresh intermediary addresses on Ethereum, indicating an attempt to obfuscate the trail through fragmentation, with mixing or decentralized exchange (DEX) activity likely to follow soon. However, with the help of blockchain security tools, investigators were able to track down the stolen assets.

The attacker received 199 WETH and 965.8 million AERO tokens during the swap process, across 12 impacted addresses. Additionally, the exploiter successfully extracted nearly $1 million in multiple transactions from the platform, bringing the total lost amount to $3.5 million.

Update: Total Loss Reaches $3.5 Million

Cyvers has confirmed that Arcadia Finance suffered yet another attack, with the exploiter successfully extracting nearly $1 million in multiple transactions from the platform. This brings the total lost amount to $3.5 million.

Recommendations from Cyvers

Cyvers recommended several steps to mitigate potential damage and prevent future attacks:

* Blacklist the involved addresses on both Base and Ethereum.
* Notify major exchanges and bridges to halt inbound transactions.
* Share suspicious activity reports with law enforcement.

By taking these measures, users can minimize their risk of falling victim to similar exploits in the future.

Arcadia Finance Response

The Arcadia Finance team confirmed the exploit in a Tuesday post on X. They stated: "The team is aware of unauthorized transactions via a Rebalancer. Remove all permissions for asset managers. More information will follow."

They also advised users to revoke any permissions granted to rebalancers within Arcadia's platform to minimize further risk.

Impact on the Crypto Community

The recent attacks on Arcadia Finance serve as a stark reminder of the importance of blockchain security and the need for vigilance in the face of emerging threats. As reported by CertiK, more than $800 million was lost across 144 incidents in Q2, representing a 52% decrease in value lost compared to the previous quarter.

Crypto Crime Supercycle: FOMO and Lax Rules

The recent surge of crypto hacks and scams can be attributed, in part, to the lack of regulation and oversight within the industry. As the cryptocurrency market continues to grow and mature, it's essential that authorities and regulatory bodies take proactive steps to address these issues.

Conclusion

Arcadia Finance's recent exploit highlights the need for continued investment in blockchain security and the importance of user awareness when interacting with DeFi platforms. By staying informed and taking proactive measures to protect themselves, users can minimize their risk of falling victim to similar exploits in the future.