Arcadia Finance exploited, $2.5M stolen and converted to WETH

Arcadia Finance, a decentralized concern (DeFi) level operating connected the Base blockchain, suffered an exploit resulting successful the theft of astir $2.5 cardinal successful cryptocurrency.

The attacker exploited a vulnerability successful Arcadia’s Rebalancer declaration by abusing arbitrary swapData parameters, enabling a rogue swap that drained assets from idiosyncratic vaults, according to an alert from blockchain information institution Cyvers.

In a study shared with Cointelegraph, Cyvers said the exploit unfolded connected Tuesday astatine 04:05:58 UTC. The attacker deployed a malicious declaration and triggered the exploit wrong a minute. The stolen tokens were past swapped to Wrapped Ethereum (WETH) connected the Base web and bridged implicit to the Ethereum mainnet.

Cyvers flagged that each looted funds resided down caller intermediary addresses connected Ethereum, indicating an effort to obfuscate the way done fragmentation and apt mixing oregon decentralized speech (DEX) enactment whitethorn travel soon.

Related: FOMO, lax rules are fueling the crypto transgression supercycle

$2.5 cardinal successful USDC, USDS stolen

The stolen tokens included astir 2.3 cardinal USDC (USDC) and astir 227,000 USDS, a $2.5 cardinal loss. The attacker received 199 WETH and 965.8 cardinal AERO tokens during the swap process, crossed 12 impacted addresses.

Cyvers recommended blacklisting the progressive addresses connected some Base and Ethereum, notifying large exchanges and bridges to halt inbound transactions and sharing suspicious enactment reports with instrumentality enforcement.

In a Tuesday station connected X, the Arcadia Finance squad confirmed the exploit. “The squad is alert of unauthorized transactions via a Rebalancer. Remove each permissions for plus managers. More accusation volition follow,” the squad said.

They asked users to revoke immoderate permissions granted to rebalancers wrong Arcadia’s level to minimize further risk.

Arcadia Finance squad asked users to region balancers. Source: Arcadia Finance

Related: Hacker returns stolen funds from $40M GMX exploit

$2.47 cardinal stolen successful archetypal fractional of 2025

The archetypal fractional of 2025 has seen much than $2.47 billion successful losses due to hacks, scams and exploits, representing a astir 3% summation implicit the $2.4 cardinal stolen successful 2024.

More than $800 cardinal was mislaid crossed 144 incidents successful Q2, a 52% alteration successful worth lost compared to the erstwhile quarter, with 59 less hacking incidents, CertiK said successful a study earlier this month.

Cointelegraph has reached retired to Arcadia and volition update this portion should we perceive back.

Magazine: Coinbase hack shows the instrumentality astir apt won’t support you — Here’s why