DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K

cointelegraph.com:

A hacker drained approximately $455,000 from noncustodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.

Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, highlighting the cause as “the lack of untrusted input validation.” The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults.

Arcadia Finance has not yet responded to Cointelegraph’s request for comment.

Arcadia Finance confirmed the hack two hours after PeckShield’s intimation and subsequently paused the contracts to prevent further bleeding of funds.

We are aware of a potential exploit in our protocol. We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.

While the investigations are underway, Arcadia’s code houses another vulnerability, which could prove catastrophic for the protocol if exploited. According to PeckShield:

Most of the stolen funds were from Optimism — approximately 180 Ether (ETH) — and have been washed via Tornado Cash. However, the stolen tokens on Ethereum — worth over $103,000 at the time of writing — remain parked at the suspected wallet address.

Related: Multichain MPC bridge sees $100M+ outflows, sparking fears of exploit

In the second quarter of 2023, hacks and exploits in the crypto space resulted in a cumulative loss of over $300 million.

A report by blockchain security company CertiK showed that a total of 212 security incidents were recorded in the quarter, resulting in a loss of $313,566,528 from Web3 protocols.

Compared with