Arcadia Finance, a decentralized finance (DeFi) platform working on the Base blockchain, suffered an exploit ensuing within the theft of about $2.5 million in cryptocurrency.
The attacker exploited a vulnerability in Arcadia’s Rebalancer contract by abusing arbitrary swapData parameters, enabling a rogue swap that drained belongings from person vaults, in accordance with an alert from blockchain safety firm Cyvers.
In a report shared with Cointelegraph, Cyvers mentioned the exploit unfolded on Tuesday at 04:05:58 UTC. The attacker deployed a malicious contract and triggered the exploit inside a minute. The stolen tokens have been then swapped to Wrapped Ethereum (WETH) on the Base community and bridged over to the Ethereum mainnet.
Cyvers flagged that each one looted funds resided behind recent middleman addresses on Ethereum, indicating an try and obfuscate the path by fragmentation and certain mixing or decentralized trade (DEX) exercise could come quickly.
Associated: FOMO, lax guidelines are fueling the crypto crime supercycle
$2.5 million in USDC, USDS stolen
The stolen tokens included about 2.3 million USDC (USDC) and round 227,000 USDS, a $2.5 million loss. The attacker acquired 199 WETH and 965.8 million AERO tokens in the course of the swap course of, throughout 12 impacted addresses.
Cyvers really helpful blacklisting the concerned addresses on each Base and Ethereum, notifying main exchanges and bridges to halt inbound transactions and sharing suspicious exercise stories with legislation enforcement.
In a Tuesday publish on X, the Arcadia Finance workforce confirmed the exploit. “The workforce is conscious of unauthorized transactions through a Rebalancer. Take away all permissions for asset managers. Extra info will observe,” the workforce mentioned.
They requested customers to revoke any permissions granted to rebalancers inside Arcadia’s platform to reduce additional danger.
Associated: Hacker returns stolen funds from $40M GMX exploit
$2.47 billion stolen in first half of 2025
The primary half of 2025 has seen greater than $2.47 billion in losses attributable to hacks, scams and exploits, representing a virtually 3% enhance over the $2.4 billion stolen in 2024.
Greater than $800 million was misplaced throughout 144 incidents in Q2, a 52% lower in worth misplaced in contrast to the earlier quarter, with 59 fewer hacking incidents, CertiK mentioned in a report earlier this month.
Cointelegraph has reached out to Arcadia and can replace this piece ought to we hear again.
Journal: Coinbase hack exhibits the legislation most likely gained’t shield you — Right here’s why
