1. BITBILIHome
  2. Article

Hacker exploits vulnerability, drains $455,000 from DeFi protocol Arcadia Finance

143 views

TL;DR Breakdown

  • Hacker exploits code vulnerability in Arcadia Finance, draining approximately $455,000 from the DeFi protocol’s Ethereum and Optimism vaults.
  • The breach highlights the need for improved input validation and reentrancy protection in decentralized finance platforms.
  • The incident contributes to the growing number of cyber attacks in the crypto space, prompting concerns about security and the potential impact on the Optimism network’s revenue and future growth.

Description

Arcadia Finance, a noncustodial protocol supporting on-chain cross-margin accounts, fell victim to a cyber attack that resulted in the loss of approximately $455,000. However, the hacker exploited a code vulnerability, exposing a weakness in the platform’s validation mechanism. The vulnerability allowed unverified inputs to go unchecked, enabling the hacker to drain funds from Arcadia Finance’s … Read more

Arcadia Finance, a noncustodial protocol supporting on-chain cross-margin accounts, fell victim to a cyber attack that resulted in the loss of approximately $455,000. However, the hacker exploited a code vulnerability, exposing a weakness in the platform’s validation mechanism. The vulnerability allowed unverified inputs to go unchecked, enabling the hacker to drain funds from Arcadia Finance’s Ethereum (darcWETH) and Optimism (darcUSDC) vaults.

Code vulnerability leads to significant losses

The breach was first discovered by PeckShield, a prominent cybersecurity firm known for its expertise in the blockchain domain. PeckShield promptly alerted Arcadia Finance about the hack, emphasizing the lack of untrusted input validation as the primary cause of the exploit. Following PeckShield’s intimation, 

The perpetrator demonstrated a swift response by successfully transferring an estimated 179.3 ETH from the Optimism[OP] network. This sum was attained by utilizing a combination of 148 ETH, which had been bridged from the Ethereum network, and approximately 59,000 USDC that was swapped.

The stolen funds were laundered through Tornado Cash, a decentralized privacy solution for cryptocurrencies. However, the stolen tokens on the Ethereum network, valued at over $103,000 at the time of writing, remain parked in the suspected wallet address, awaiting further investigation.

Arcadia Finance acknowledged the breach and swiftly halted its contracts to prevent further loss of funds.

PeckShield also disclosed an additional vulnerability within Arcadia Finance’s code. This vulnerability, known as a lack of reentrancy protection, poses a severe risk to the protocol’s internal vault health check. If exploited, this vulnerability could have severe consequences for the platform.

The incident adds to the growing list of cyber attacks and exploits that have plagued the cryptocurrency space during the second quarter of 2023. A recent report by CertiK, a leading blockchain security company, revealed that a total of 212 security incidents occurred during the quarter, resulting in a staggering loss of $313,566,528 from Web3 protocols.

Defi Llama’s data reveals that Arcadia Finance’s TVL has taken a significant hit in the past few days due to the prevailing uncertainty surrounding the company.

Screenshot 2023 07 10 at 11.53.57 AMHacker exploits vulnerability, drains 5,000 from DeFi protocol Arcadia Finance
Arcadia Finance’s TVL declines. Source: DeFi Llama

Impact on Optimism network and future growth

The exploitation of Arcadia Finance affected the protocol and had implications for the broader Optimism network. Token Terminal’s data indicates that although the number of daily active users on Optimism experienced a robust growth rate of 3.9% over the past week, the platform’s revenue witnessed a significant decline. In just the last seven days, the revenue generated by Optimism plummeted by 52.6%.

This decline in revenue raises concerns about the long-term growth prospects of the Optimism network. Moreover, the OP token, which is closely associated with Optimism, has experienced a substantial decline in price over the past month. Additionally, the velocity of OP token trading has diminished, indicating a decrease in trading activity. It is important to note that the OP token was trading at $1.18 at the time of writing. 

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:Hacker exploits vulnerability, drains $455,000 from DeFi protocol Arcadia Finance

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年7月11日 03:33
Next 2023年7月11日 04:44

Related articles

  • Binance FZE becomes the first exchange to receive an MVP license in Dubai

    TL;DR Breakdown Binance FZE is now the first exchange in the world to receive an Operational Minimum Viable Product(MVP) License in Dubai. Customers in the region can access a trustworthy and regulated service that emphasizes security and complies with very specific tier 1 VA rules. Binance has been actively pursuing regulatory compliance in the United Arab Emirates, following scrutiny in regions such as Cyprus, the Netherlands, and Austria. Description Binance FZE, Binance‘s Dubai subsidiary, has become the first exchange in the world to receive an Operational Minimum Viable Product (MVP) License in Dubai. The license comes from the emirate’s Virtual Asset Regulatory Authority (VARA).  Binance highlighted in the announcement that residents of the UAE and other consumers from around the world who sign up … Read more Binance FZE, Binance‘s Dubai subsidiary, has become the first exchange in the world to receive an Operational Minimum Viable Product (MVP) License in Dubai. The license comes from the emirate’s Virtual Asset Regulatory Authority (VARA).  Binance highlighted in the announcement that residents of the UAE and other consumers from around the world who…

    Article 2023年7月31日

  • Tornado Cash indictment: Coin Center challenges money-transmission claims

    TL;DR Breakdown Coin Center argues that the evidence doesn’t conclusively prove any money-transmission-related crimes. Peter Van Valkenburgh emphasizes that Tornado Cash provides software for money transmission, not the actual money. Valkenburgh believes the indictment contradicts FinCEN’s guidance. Description On August 23, the U.S. Office of Foreign Asset Control (OFAC) made headlines. They accused Roman Storm and Roman Semenov of conspiring to operate an unauthorized money-transmitting enterprise. However, Coin Center, a prominent cryptocurrency advocacy organization, has since voiced its concerns. They argue that the evidence presented doesn’t conclusively prove any money-transmission-related crimes. Coin Center’s … Read more On August 23, the U.S. Office of Foreign Asset Control (OFAC) made headlines. They accused Roman Storm and Roman Semenov of conspiring to operate an unauthorized money-transmitting enterprise. However, Coin Center, a prominent cryptocurrency advocacy organization, has since voiced its concerns. They argue that the evidence presented doesn’t conclusively prove any money-transmission-related crimes. Coin Center’s research director, Peter Van Valkenburgh, has been particularly vocal. In a recent opinion piece, he emphasized that Tornado Cash merely offers software for money transmission. Significantly, it doesn’t provide…

    Article 2023年8月24日

  • Laliga North America teams up with GameOn to develop NFT fantasy games

    TL;DR Breakdown Laliga North America has announced a partnership with GameOn to develop NFT-based fantasy games. Web3 revolution in sports engagement. Description Gaming startup GameOn has inked a new partnership with LaLiga North America to develop groundbreaking NFT-based fantasy games tailored for the passionate fanbase of the Spanish soccer league residing in the United States and Canada. Through this collaboration, fans will gain the ability to purchase packs of LaLiga players as NFTs, ushering in a new … Read more Gaming startup GameOn has inked a new partnership with LaLiga North America to develop groundbreaking NFT-based fantasy games tailored for the passionate fanbase of the Spanish soccer league residing in the United States and Canada. Through this collaboration, fans will gain the ability to purchase packs of LaLiga players as NFTs, ushering in a new era of fan engagement. These NFTs enable users to construct fantasy lineups, with performance-based points awarded based on each player’s real-life on-field performance. GameOn plans to introduce a Laliga app in 2024 Users can enhance their in-game player avatars by equipping them with digital gear…

    Article 2023年9月18日

  • Australian government launches consultation to assess ban on “high-risk” AI

    TL;DR Breakdown The Australian government has initiated an unexpected eight-week consultation period aimed at determining whether certain “high-risk” artificial intelligence (AI) tools should be prohibited. The Australian government seeks feedback on strategies to promote the “safe and responsible use of AI,” exploring options such as voluntary ethical frameworks, specific regulations, or a combination of both approaches. The document emphasizes both the positive applications of AI in sectors like medicine, engineering, and law, as well as the potential harms associated with deepfake tools. The Australian government has initiated an unexpected eight-week consultation period aimed at determining whether certain “high-risk” artificial intelligence (AI) tools should be prohibited. This move follows similar measures taken by other regions, including the United States, the European Union, and China, in addressing the risks associated with rapid AI development. On June 1, Industry and Science Minister Ed Husic unveiled two papers for public review: one on “Safe and Responsible AI in Australia” and another on generative AI from the National Science and Technology Council. These papers were released alongside a consultation period that will remain open until…

    Article 2023年6月5日

  • Gemini Teases XRP Relisting Soon Following Ripple’s SEC Lawsuit Victory

    TL;DR Breakdown Gemini teases the potential relisting of XRP following Ripple’s legal win against the SEC, which has led to a surge in XRP’s trading volume and price. Gemini’s CEO, Cameron Winklevoss, expresses optimism about Bitcoin accumulation, as spot Bitcoin ETF filings signal growing institutional interest in the leading cryptocurrency. Description United States-based cryptocurrency exchange Gemini has hinted at plans to relist the XRP token on its platform, following Ripple‘s recent legal victory in the U.S. Securities and Exchange Commission (SEC) lawsuit. The development comes in the wake of several top crypto exchanges, including Coinbase and Kraken, already reinstating XRP trading after the July 13, 2023 … Read more United States-based cryptocurrency exchange Gemini has hinted at plans to relist the XRP token on its platform, following Ripple‘s recent legal victory in the U.S. Securities and Exchange Commission (SEC) lawsuit. The development comes in the wake of several top crypto exchanges, including Coinbase and Kraken, already reinstating XRP trading after the July 13, 2023 Summary Judgment by Judge Analisa Torres. Her ruling effectively reopened the doors for XRP trading on…

    Article 2023年7月22日
TOP