The Decentralized finance (DeFi) platform Arcadia Finance has recently suffered an exploit, resulting in the loss of approximately $455,000 across the Ethereum and Optimism networks.
According to a popular blockchain security firm, Peckshield, the hacker took advantage of a vulnerability related to untrusted input validation and the absence of reentrancy protection.
#PeckShieldAlert Our community contributor has detected that @ArcadiaFi has been exploited on both #Ethereum and #Optimism for ~$455K
The exploiter on #Ethereum was frontrun by 0x5C75e94dD0Ab9c10BFd1B8073DafEF031D3c050dhttps://t.co/blGx5IEAkk
The exploiter on #optimism… pic.twitter.com/WDzF0XVcmL
— PeckShieldAlert (@PeckShieldAlert) July 10, 2023
As a result, the platform’s Total Value Locked (TVL) plummeted by 76% in the aftermath of the incident, dropping from $605,000 to $145,000. In other words, its TVL dropped from over 300 ETH to just 77 ETH at press time.
Arcadia Finance Falls Victim to Exploit: Investigation Underway
Arcadia Finance has acknowledged the exploit and promptly halted its contracts. The platform claimed to be actively investigating the root cause in collaboration with security experts. Moreover, the Defi platform tweeted that it had initiated contact with the attacker as it continues to find a way to recover stolen assets.
We have initiated contact with the attacker. https://t.co/dh74gG90n6 https://t.co/O39Slsc1z5
We will continue to work with our security partners, law enforcement, and the broader community to resolve this as best we can. Our number one priority is recovering funds for Arcadia…
— Arcadia Finance (@ArcadiaFi) July 10, 2023
The team maintained that additional information will be shared as it becomes available, saying;
”We have paused the contracts and are investigating the root cause with security experts as we speak. More info will follow as it comes available.”
Growing Concerns in the DeFi Space
This recent incident adds to a series of exploits that are plaguing the DeFi ecosystem. In July alone, the sector witnessed the $126 million Multichain hack, the $10 million loss suffered by the Poly Network, and an exploit on Solana-based leveraged NFT trading platform Robox which just happened a few hours back.
We have detected and confirmed malicious activity that has resulted in the exploitation of our aggregated liquidity pool.
Currently, we're working on identifying the fundamental reasons for this breach and revising the contract to protect against similar occurrences in the…
— Robox.Fi – NFT leveraged trading (@Robox_Fi) July 10, 2023
According to Certik, a blockchain security company, the second quarter of 2023 saw more than $300 million in digital assets lost to hacks and exploits. While this figure represents a decline compared to the same period in 2022, it highlights the ongoing vulnerability of Web3 protocols.
Flash loan and oracle manipulation exploits, however, experienced a significant decrease in losses during Q2 2023 compared to Q1. The number of oracle manipulation attacks dropped from 52 to 54, resulting in losses of approximately $23 million, an 89% decline from the first quarter.
With the rise of decentralized finance, it is important to address these security challenges while platforms should also put together additional efforts to strengthen their defenses against potential vulnerabilities.
