Arcadia Finance Suffers $455,000 Security Breach

Summary

On July 10, 2023, Arcadia Finance, a DeFi protocol on Ethereum and Optimism, experienced a significant security breach due to vulnerabilities in its smart contract. The incident resulted in a financial loss of approximately $455,000. The breach was due to inadequate security measures in the protocol’s contract, allowing an attacker to manipulate the system for unauthorized asset transfers.

Attackers

The identity of the hackers who attacked Arcadia Finance is unknown.

Hacker Wallets:

Losses

The total loss from the Arcadia Finance hack amounted to approximately $455,000, distributed across the following networks:

  • Ethereum:

    • 148 ETH (275,843 USD)
    • 103,200 USDC
  • Optimism:

    • 59,427 USDC
    • 11 ETH (20,558 USD)

Timeline

Security Failure Causes

  • Smart Contract Vulnerability: The Arcadia Finance hack was caused by vulnerabilities in its smart contracts, particularly in functions related to vault management and liquidation. These issues were exacerbated by inadequate reentrancy protection and poor validation of external inputs. The attacker bypassed security checks to redirect assets and execute unauthorized transactions, resulting in significant fund loss.