A cyber attack on Arcadia Finance, a protocol that allows users to manage cross-margin accounts on the blockchain, led to the theft of about $455,000. The attacker took advantage of a flaw in the code, bypassing the platform’s verification process. The incident underscores the importance of enhancing input validation and reentrancy protection for decentralized finance platforms.
Arcadia Finance confirmed the incident on Twitter and said they had paused the contracts and initiated contact with the attacker. They also said they were working with security experts, law enforcement, and the community to recover the funds and prevent further damage.
We are aware of a potential exploit in our protocol.
We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.
— Arcadia Finance (@ArcadiaFi) July 10, 2023
The Company Contacted the Attacker Soon After
A code vulnerability allowed the hacker to steal about $455,000 from Arcadia Finance, a non-custodial protocol. PeckShield, a blockchain investigator, reported the hack and identified the cause as “the absence of untrusted input validation.” In other words, the code had no way to verify untrusted inputs.
The attacker has been contacted by Arcadia Finance. The company said on Twitter that it is working with security experts, law enforcement agencies, and other stakeholders to find the best solution. This update came two hours after the attack was detected.
Separately, some analysts have pointed out that Arcadia Finance’s code has another flaw that could enable instant liquidation without checking the vault’s health status. If not fixed soon, this could pose a serious threat to the protocol and its users.
The protocol suffered a theft of assets from its Ethereum and Optimism vaults. The thief used a technique called frontrunning to execute transactions before others in the same block. Frontrunning is when someone anticipates the actions of other users in a block and benefits from them.
This is another example of how important proper security measures are when dealing with cryptocurrency. Companies need to ensure that their code is secure and that input validation and reentrancy protection mechanisms are in place.
The Arcadia Finance hack is one of the many examples of how DeFi protocols are vulnerable to cyberattacks due to code errors, lack of audits, or malicious actors. In the first half of 2023, more than $470 million was lost to 108 protocol attacks, according to web3 security firm Beosin.
This shows that DeFi still has a long way to go before achieving maturity and trustworthiness in the crypto space. Users should always do their own research and exercise caution before interacting with any DeFi application.