Replace (June 15, 9:12 am UTC): This text has been up to date to embody one more assault on Arcadia Finance, which brings the full misplaced sum to $3.5 million.
Arcadia Finance, a decentralized finance (DeFi) platform working on the Base blockchain, suffered an exploit ensuing within the theft of about $3.5 million in cryptocurrency.
The attacker exploited a vulnerability in Arcadia’s Rebalancer contract by abusing arbitrary swapData parameters, enabling a rogue swap that drained property from consumer vaults, according to an alert from blockchain safety firm Cyvers.
In a report shared with Cointelegraph, Cyvers mentioned the exploit unfolded on Tuesday at 04:05:58 UTC. The attacker deployed a malicious contract and triggered the exploit inside a minute. The stolen tokens had been then swapped to Wrapped Ethereum (WETH) on the Base community and bridged over to the Ethereum mainnet.
Cyvers flagged that every one looted funds resided behind contemporary middleman addresses on Ethereum, indicating an try to obfuscate the path by way of fragmentation and sure mixing or decentralized exchange (DEX) exercise could come quickly.
Associated: FOMO, lax rules are fueling the crypto crime supercycle
$2.5 million in USDC, USDS stolen
The stolen tokens included about 2.3 million USDC (USDC) and round 227,000 USDS, a $2.5 million loss. The attacker obtained 199 WETH and 965.8 million AERO tokens through the swap course of, throughout 12 impacted addresses.
Cyvers later revealed that Arcadia Finance suffered one more assault, with the exploiter efficiently extracting almost $1 million in a number of transactions from the platform. This brings the full misplaced to $3.5 million.
Cyvers beneficial blacklisting the concerned addresses on each Base and Ethereum, notifying main exchanges and bridges to halt inbound transactions and sharing suspicious exercise reviews with regulation enforcement.
In a Tuesday publish on X, the Arcadia Finance workforce confirmed the exploit. “The workforce is conscious of unauthorized transactions through a Rebalancer. Take away all permissions for asset managers. Extra info will comply with,” the workforce mentioned.
They requested customers to revoke any permissions granted to rebalancers inside Arcadia’s platform to decrease additional danger.
Associated: Hacker returns stolen funds from $40M GMX exploit
$2.47 billion stolen in first half of 2025
The primary half of 2025 has seen more than $2.47 billion in losses due to hacks, scams and exploits, representing an almost 3% enhance over the $2.4 billion stolen in 2024.
Greater than $800 million was misplaced throughout 144 incidents in Q2, a 52% lower in worth misplaced in contrast to the earlier quarter, with 59 fewer hacking incidents, CertiK mentioned in a report earlier this month.
Cointelegraph has reached out to Arcadia and can replace this piece ought to we hear again.
Journal: Coinbase hack shows the law probably won’t protect you — Here’s why
Cointelegraph by Amin Haqshanas Arcadia Finance Suffers $2.5M Exploit on Base; Funds Converted to WETH cointelegraph.com 2025-07-15 07:43:48
Source link
