PeckShield analysts reported that the DeFi protocol of Arcadia Finance was hacked, as a result of which the hacker managed to withdraw digital assets totaling about $455,000.
According to experts, the exploit became possible due to the “lack of reliable input validation.” The code allegedly lacked a mechanism for cross-parsing unconfirmed inputs.
The attack affected the Ethereum (darcWETH) and Optimism (darcUSDC) pools.
“Besides, [у протокола] there is no reentry protection, which allows the instant kill feature to bypass the internal health check of the vault,” added PeckShield.
The Arcadia team confirmed the hack, and a few hours after the discovery of the error, they suspended the execution of contracts.
Most of the stolen funds came from Optimism — 180 ETH (~$336,000 at the time of writing), which has already been sent to the Tornado Cash cryptomixer. Assets withdrawn from Ethereum pools are still at the hacker’s address.
Recall that in July, the cross-chain protocol Multichain suspended work due to a potential hack worth millions of dollars.
Earlier, Beosin experts reported that in the first half of 2023, the digital asset sector lost about $655.6 million as a result of hacker attacks, fraud and rug pull.
According to Immunefi analysts, the number of crypto project hacks has increased by 63%. In the second quarter of 2023, the number of such incidents reached 81.
Found a mistake in the text? Select it and press CTRL+ENTER
ForkLog Newsletters: Keep your finger on the pulse of the bitcoin industry!