• A hacker drained approximately $455,000 from the DeFi protocol Arcadia Finance.
• The hacker exploited a code vulnerability due to lack of untrusted input validation.
• Most of the stolen funds were from Optimism and have been washed via Tornado Cash.
Arcadia Finance Hacked on Ethereum and Optimism for $455K
A hacker drained approximately $455,000 from noncustodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability. Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, highlighting the cause as “the lack of untrusted input validation”.
Hacker Exploited Code Vulnerability
The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults.
Arcadia Responds To Hack
Arcadia Finance has not yet responded to Cointelegraph’s request for comment about the hack. However, the team told Cointelegraph that the root cause pointed out by PeckShield is wrong. Arcadia Finance confirmed the hack two hours after PeckShield’s intimation and subsequently paused the contracts to prevent further bleeding of funds.
Second Vulnerability Found in Code
„In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.“ Most of the stolen funds were from Optimism — approximately 180 Ether ETH — and have been washed via Tornado Cash. However, stolen tokens on Ethereum remain parked at suspected wallet address.