{"id":54208,"date":"2023-07-10T06:44:38","date_gmt":"2023-07-10T10:44:38","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=54208"},"modified":"2023-07-10T06:44:40","modified_gmt":"2023-07-10T10:44:40","slug":"arcadia-finance-faces-hack-on-ethereum-optimism-for-455k","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/arcadia-finance-faces-hack-on-ethereum-optimism-for-455k\/","title":{"rendered":"Arcadia Finance Faces Hack on Ethereum, Optimism for $455K"},"content":{"rendered":"\n

Decentralized finance (DeFi) protocol<\/a> Arcadia Finance was hacked using a code vulnerability that allowed the hacker to drain funds worth roughly $455,000 from its Ethereum and Optimism vaults.<\/p>\n\n\n\n

\"Arcadia
Arcadia Finance Faces Hack on Ethereum, Optimism for $455K<\/figcaption><\/figure>\n\n\n\n

PeckShield, a blockchain investigator, notified Arcadia Finance of a hack and identified the cause as “the lack of untrusted input validation.” Supposedly, the code lacked a mechanism to cross-check unverified inputs. This vulnerability allowed the intruder to steal approximately $455k from the Ethereum (darcWETH) and Optimism (darcUSDC) vaults.<\/p>\n\n\n\n

\"\"
Arcadia Finance code required no validation of untrusted input. Source: PeckShield<\/em><\/figcaption><\/figure>\n\n\n\n

\u00a0The team stated, however, that the fundamental cause identified by PeckShield \r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>needs to be corrected.<\/p>\n\n\n\n

Two hours after PeckShield's notification, Arcadia Finance verified the hack and halted the contracts to prevent further loss of funds.<\/p>\n\n\n\n

\n

We are aware of a potential exploit in our protocol.
We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.<\/p>— Arcadia Finance (@ArcadiaFi) July 10, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

While investigations are ongoing, Arcadia's code contains an additional vulnerability that, if exploited, could prove catastrophic for the protocol. As stated by PeckShield:<\/p>\n\n\n\n

\n

\u201cIn addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n

Most of the misappropriated funds, approximately 180 Ether, originated from Optimism and were cleansed with Tornado Cash<\/a>. However, the misappropriated Ethereum tokens, valued at over $103,000 when writing, remain at the suspect wallet address.<\/p>\n\n\n\n

In the second quarter of 2023, breaches and exploits in the crypto space caused a more than $300 million loss.<\/p>\n\n\n\n

According to a blockchain security company CertiK report, 212 security incidents were recorded during the quarter, culminating in a loss of $313,566,528 from Web3 protocols.<\/p>\n\n\n\n

Compared to Q2 data from the previous year, CertiK discovered that crypto breaches decreased by 58%. The BNB Smart Chain had the highest number of incidents, with 119 resulting in $70,711,385 in losses.<\/p>\n","protected":false},"excerpt":{"rendered":"

Decentralized finance (DeFi) protocol Arcadia Finance was hacked using a code vulnerability that allowed the hacker to drain funds worth roughly $455,000 from its Ethereum and Optimism vaults. PeckShield, a blockchain investigator, notified Arcadia Finance of a hack and identified the cause as “the lack of untrusted input validation.” Supposedly, the code lacked a mechanism […]<\/p>\n","protected":false},"author":12,"featured_media":54212,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[15193,11230,128,1496,4490],"class_list":["post-54208","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-arcadia-finance","tag-defi-protocol","tag-ethereum","tag-hack","tag-optimism"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/III.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/54208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=54208"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/54208\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/54212"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=54208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=54208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=54208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}