Arcadia Defi protocol hacked on Ethereum and optimism for $455K

There has been another hack on the Ethereum platform, and this is the third time this year that the Ethereum platform has been hacked.

The first being in April 2023, with a loss of $10 million, and the second hack was in May 2023, with a loss of $600 million. This was the second biggest hack ever in the Ethereum platform. 

According to a report conducted by five researchers from the UK and Singapore in 2019, Smart contracts are more prone to hacking due to poor coding and bugs. Additionally, the Ethereum platforms are hacked due to its Ethereum “bridge” feature where ETH tokens of different platforms are traded in large amounts. 

Arcadia Finance now is the third Defi platform to be hacked this year. 

The hackers used a code that acted as a loophole which allowed the hacker to transfer the funds worth about $455,000 from Arcadia’s decentralized finance Ethereum platform and Optimism vaults. 

PerkShield, the blockchain investigator, took to Twitter to share the news. PerkShield has attached a screenshot as well of the IP address of the hacker. 

PerkShield alerted that the hacker had already transferred 179.3 $ETH to Tornado Cash. The investigator further explained, that due to the lack of input validation of untrusted sources, the hacker was able to hack the system.

The code had a mechanism that lacked the validation system and cross-verification of the account. The hacker leveraged the weak point of the non-validation of untrusted sources and transferred ETH worth $455,000 from Ethereum and Optimism.

Arcadia Finance has not commented yet on the recent hack. However, the team has stated that the root cause for the hack that PerkShield mentioned on Twitter was incorrect. 

Arcadia Finance later confirmed the hack two hours after PerkShield posted on Twitter. Arcadia Finance then paused all contracts to stop the funds from being drained any further.

While the investigation is still ongoing, Arcadia’s code consists of another weakness that could prove disastrous for the protocol to be misused. PerkShield explained, Arcadia Finance lacks the reentrancy protection, which means the hacker could reenter and drain out the remaining funds as well. This lack of reentrancy protection allows for liquidation to take place instantly and bypasses the internal vault health check.

The majority of the funds were of Optimism summing up to approx. 180 ETH and have been drained out through tornado cash. However, the tokens that were stolen from Ethereum have been stranded in a suspected wallet address.

Quarter two of 2023 has seen hacks and exploits in the cryptocurrency platforms resulting in a total loss of over $300 million.

According to a report by blockchain security company CertiK, the total number of hacks and exploits amounted to 212 incidents which resulted in a loss of $313,566,528 from Web3 protocols.

However, CertiK claimed that compared to the Q2 of 2022, the hacks have declined by 58%. Out of those reported hacks, Binance Smart chain appeared to be the most hacked platform of 2023. The hack incidents resulted in 119, procuring losses of $70,711,385. 

Disclaimer: This article was created for informational purposes only and should not be taken as investment advice. An asset’s past performance does not predict its future returns. Before making an investment, please conduct your own research, as digital assets like cryptocurrencies are highly risky and volatile financial instruments.

Author: Puskar Pande

Leave a Reply