Arcadia Finance, a decentralized finance (DeFi) platform working on the Base blockchain, suffered an exploit ensuing within the theft of about $2.5 million in cryptocurrency.
The attacker exploited a vulnerability in Arcadia’s Rebalancer contract by abusing arbitrary swapData parameters, enabling a rogue swap that drained belongings from person vaults, in accordance with an alert from blockchain safety firm Cyvers.
In a report shared with Cointelegraph, Cyvers stated the exploit unfolded on Tuesday at 04:05:58 UTC. The attacker deployed a malicious contract and triggered the exploit inside a minute. The stolen tokens have been then swapped to Wrapped Ethereum (WETH) on the Base community and bridged over to the Ethereum mainnet.
Cyvers flagged that each one looted funds resided behind contemporary middleman addresses on Ethereum, indicating an try and obfuscate the path by fragmentation and certain mixing or decentralized change (DEX) exercise could come quickly.
Associated: FOMO, lax guidelines are fueling the crypto crime supercycle
$2.5 million in USDC, USDS stolen
The stolen tokens included about 2.3 million USDC (USDC) and round 227,000 USDS, a $2.5 million loss. The attacker acquired 199 WETH and 965.8 million AERO tokens through the swap course of, throughout 12 impacted addresses.
Cyvers really useful blacklisting the concerned addresses on each Base and Ethereum, notifying main exchanges and bridges to halt inbound transactions and sharing suspicious exercise stories with legislation enforcement.
In a Tuesday submit on X, the Arcadia Finance group confirmed the exploit. “The group is conscious of unauthorized transactions by way of a Rebalancer. Take away all permissions for asset managers. Extra info will comply with,” the group stated.
They requested customers to revoke any permissions granted to rebalancers inside Arcadia’s platform to attenuate additional threat.
Associated: Hacker returns stolen funds from $40M GMX exploit
$2.47 billion stolen in first half of 2025
The primary half of 2025 has seen greater than $2.47 billion in losses on account of hacks, scams and exploits, representing an almost 3% improve over the $2.4 billion stolen in 2024.
Greater than $800 million was misplaced throughout 144 incidents in Q2, a 52% lower in worth misplaced in contrast to the earlier quarter, with 59 fewer hacking incidents, CertiK stated in a report earlier this month.
Cointelegraph has reached out to Arcadia and can replace this piece ought to we hear again.
Journal: Coinbase hack reveals the legislation in all probability gained’t defend you — Right here’s why
