Peckshield, a cyber security firm announced that Arcadia Finance, a non-custodial protocol was a victim of a crypto exploit that led to the loss of hundreds of thousands of dollars. The attacker used a process called frontrunning to exploit the protocol while attempting to erase all tracking data.
Arcadia operates on both the Ethereum and Optimism networks. The attack on Arcadia may negatively impact Optimism as the network was already experiencing a significant drop in revenues.
Arcadia Finance lost around $455,000 after the attack. The amount lost is comprised of both Ethereum and 59,000 USDC.
The attacker a total of 179.3 ETH from the Optimism[OP] network, which was obtained through a combination of 148 ETH that was bridged from the Ethereum network and swapped 59,000 USDC.
The exploiter used a process called frontrunning to transfer all tokens to TornadoCash, a decentralized privacy solution for cryptocurrencies. By using TornadoCash, the attacker hoped to cause confusion in the transaction history, making it more challenging to trace the origins of the transfer.
Frontrunning is the process of quickly placing a transaction ahead of others on a block. Essentially, the exploiter executed a transaction right before a transfer was made from the Optimism chain, enabling them to profit from price discrepancies or manipulate trades to their advantage.
After the attack, Arcadia Finance saw a sharp drop in Total Value Locked, plummeting from around $600,000 to around $144,000.
Optimism, the chain on which Arcadia was attacked has been seeing a steady growth in users in the past few months. However, revenue generated on the chain saw a 52% drop . The chain’s native coin OP has also been on a downward trend as of late.
Just last week, AzukiDao, a decentralized authority for the popular NFT Azuki was reported to be exploited. Exploiters reportedly made a 35 ETH profit after the attack.
@Metasleuth, a crypto analyst claims that the attack was due to a vulnerability that lay within the fact that “the signatureClaimed variable in the contract was not properly checked”.
AzukiDao confirmed the attack and reported that “we close the claiming window and decide to make a proposal that transfer all the tokens to the DAO treasury, and then we will elect the muti-sign contributor from the community.”