Leading DeFi protocol Arcadia Finance has suffered an attack that led to the loss of $455,000 in assets. A hacker successfully stole the assets from the non-custodial decentralized finance (DeFi) protocol by exploiting a code vulnerability.

According to leading blockchain security firm PeckShield, the vulnerability was caused by “the lack of untrusted input validation.” The firm said that the code lacked a validation mechanism to cross-check unverified inputs, which allowed the hacker to successfully penetrate the system and drain funds from Ethereum (darcWETH) and Optimism (darcUSDC) vaults.

Arcadia Finance confirmed the incident two hours after PeckShield, and has halted withdrawals to prevent further draining of funds.

“We are aware of a potential exploit in our protocol. We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available,” the protocol wrote in a tweet.

PeckShield said that the hacker has already transferred around 179 ETH by bridging 148 ETH and swapping 59,000 USDC to Tornado Cash, a crypto mixing platform, to prevent any chance of being able to trace the stolen assets.

As a result of the hack, Arcadia Finance’s total value locked (TVL) is said to have dropped by 76% from $605,000 to $145,000.

Another Vulnerability Discovered

Arcadia finance is a DeFi platform that offers decentralized margin trading on decentralized exchanges. The platform works with multiple assets including ERC20s, NFTs, LP tokens, ibTokens, and more.

Its main goal is to solve the problem of collateral fragmentation and illiquidity for all types of tokenized assets. It also offers asset management, instant loans, and vaults to store digital assets and borrow loans by keeping assets as collateral. This makes it possible for any user to secure and manage digital assets and take an instant loan or provide one whenever they want.

The hack is coming barely four months after the platform went live on Optimism, expanding the scope of its services to more users. While investigations are still ongoing, PecksField has identified another potential vulnerability that may be easily exploited in Arcadia Finance’s code.

“In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check,” the firm wrote.

There has been no further comments about the incident from Arcadia Finance, but hopefully more information will be made available soon. Affected investors also haven’t responded and may be waiting to hear more before reacting to the incident.

Crypto Hacks in 2023

One of the greatest concerns around cryptocurrencies is hacks. It is one of the things holding back potential investors from entering the industry, and from gaining the trust of regulators in many countries.

In the second quarter of 2023 alone, hacks accounted for $300 million in losses, resulting from 212 security breaches according to blockchain security company CertiK.

Although the crypto hack incidents have decreased by 58% from Q2 of 2022 according to CertiK, this does not suggest in any way that the security of crypto platforms has improved since hackers keep evolving their methods to beat improvements in security.

Hacks also seem to increase with bull markets, and currently, analysts have predicted that a crypto bull market may be brewing. This calls for utmost caution among investors and crypto platforms like Arcadia.