Reports are emerging that the decentralized finance (DeFi) platform Arcadia Finance may have become the latest exploit victim. A leading blockchain security firm has detected spurious transactions on the network, but Arcadia has yet to confirm.
On July 10, blockchain security firm PeckShield reported that one of its community contributors detected an exploit on margin lending platform Arcadia Finance.
Another DeFi Exploit
The platform had been exploited on Ethereum and layer-2 network Optimism for around $455,000, it reported.
It added that the exploiter has already transferred around 179 ETH by bridging 148 ETH and swapping 59,000 USDC to Tornado Cash.
Arcadia Finance flow of stolen funds. Source: Twitter/@PeckShieldAlert
PeckShield added that its analysis of the hack shows that the losses are “due to the lack of untrusted input validation, which is exploited to drain funds from both darcWETH and darcUSDC vaults.”
Additionally, “there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check,” it added.
There were no alerts, updates, or further details on the Arcadia Finance Twitter feed.
Find out how to harness AI for crypto trading: 9 Best AI Crypto Trading Bots to Maximize Your Profits
BeInCrypto reached out to Arcadia Finance for further details but had not received a response at the time of publication. Arcadia is a non-custodial protocol enabling composable cross-margin accounts on-chain.
Additionally, DeFiLlama reported a sharp drop in Arcadia Finance TVL a couple of hours ago. It fell 76% from $605,000 to $145,000.
DeFi Exploits Not Slowing
The latest DeFi exploit follows the $126 million Multichain hack on July 7. Over the weekend, stablecoin issuers Tether and Circle blacklisted five addresses that received some of the stolen funds.
Furthermore, the Poly Network was exploited again earlier this month, losing $10 million to hackers.
In a related development, Solana-based leveraged NFT trading platform Robox also reported an exploit on June 10.
“We have detected and confirmed malicious activity that has resulted in the exploitation of our aggregated liquidity pool.”
However, details were few and far between at the time of writing.
Sourced from cryptonews.net.