Blockchain Editor's Picks News

Arcadia Finance Reveals Contact with the Hacker Who Stole $450K

Arcadia Finance

A cyber attack on Arcadia Finance, a protocol that allows users to manage cross-margin accounts on the blockchain, led to the theft of about $455,000. The attacker took advantage of a flaw in the code, bypassing the platform’s verification process. The incident underscores the importance of enhancing input validation and reentrancy protection for decentralized finance platforms.

Arcadia Finance confirmed the incident on Twitter and said they had paused the contracts and initiated contact with the attacker. They also said they were working with security experts, law enforcement, and the community to recover the funds and prevent further damage.

The Company Contacted the Attacker Soon After 

A code vulnerability allowed the hacker to steal about $455,000 from Arcadia Finance, a non-custodial protocol. PeckShield, a blockchain investigator, reported the hack on Arcadia Finance and identified the reason as “the absence of untrusted input validation.” The code did not have a way to verify the inputs that were not trusted.

The attacker has been contacted by Arcadia Finance. The company said on Twitter that it is working with security experts, law enforcement agencies, and other stakeholders to find the best solution. This update came two hours after the attack was detected.

Arcadia Finance

However, some analysts have pointed out that Arcadia Finance’s code has another flaw that could enable instant liquidation without checking the vault’s health status. This could pose a serious threat to the protocol and its users if not fixed soon.

The protocol suffered a theft of assets from its Ethereum and Optimism vaults. The thief exploited a technique called frontrunning to execute transactions before others in the same block. Frontrunning is when someone anticipates and benefits from the actions of other users in a block.

This is another example of how important it is to have proper security measures in place when dealing with cryptocurrency. Companies need to ensure that their code is secure and that they have proper input validation and reentrancy protection mechanisms in place.

The Arcadia Finance hack is one of the many examples of how DeFi protocols are vulnerable to cyberattacks due to code errors, lack of audits, or malicious actors. In the first half of 2023, more than $470 million was lost to 108 protocol attacks, according to web3 security firm Beosin. 

This shows that DeFi still has a long way to go before achieving maturity and trustworthiness in the crypto space. Users should always do their own research and exercise caution before interacting with any DeFi application.

Related posts

Grayscale Extends the Review of its ETHPoW Decision

Afroz Ahmad

Company Bitmain will close the office in Amsterdam

alfonso

The largest bank in Switzerland will start working with cryptocurrencies

alfonso