Arcadia Finance, a liquidity management platform for decentralized exchanges, lost $2.5 million in digital assets to hackers. The bad actors targeted one of the platform’s key features, the rebalancer on the Base network.

After the exploit, the Arcadia team formally took to X to warn users, urging them to remove all permissions for their asset managers and remove active rebalancers to prevent further losses. According to blockchain security firm PeckShield, Arcadia Finance lost about 840 Ethereum tokens, worth roughly $2.5 million at current prices.

PeckShield wrote in an X post that the hackers have already bridged the stolen assets from Base to Ethereum, and the sanctioned crypto mixer, Tornado Cash, reportedly played a part. While the value of Ethereum lost to hackers is relatively small compared to other platforms, this is not the first time Arcadia has suffered an attack. Back in July 2023, the liquidity management platform suffered a $455,000 hack when hackers took advantage of a vulnerability in its code.

Arcadia Finance suffers $2.5M attack amid an increase in crypto attacks

Arcadia Finance is backed by Coinbase Ventures and is also part of the Circle Alliance, which it joined in late June. According to its website, USDC makes up more than a third of Arcadia’s TVL. Arcadia’s contracts have now been paused with no clear timeline for contract resumption. In the meantime, it reports that it is collaborating with security analysts in a bid to ascertain how the breach occurred.

We will continue to work with our security partners, law enforcement, and the broader community to resolve this as best we can. Our number one priority is recovering funds for Arcadia protocol users,” Arcadia said. The crypto community has reacted to the exploit, showing skepticism and concerns, with many worried about the state of cross-chain security.

Meanwhile, Over $2.1 billion has been stolen across more than 75 hacking incidents so far this year, a figure that nearly accounts for the total losses recorded in 2024. This shows an increase in attacks, and they differ in scale and sophistication compared to the years 2024 and earlier. The amount the hackers got away with in the Arcadia exploit is small compared to the larger hacks that have happened this year; however, it calls attention to the vulnerabilities that plague the DeFi sector.

However, one recurring problem is that smart contracts and cross-chain mechanisms, especially bridges, are too open to attacks, and criminals are aware of it. According to reports, more than 80% of the funds stolen in 2025 occurred via infrastructure-level breaches that saw hackers steal more funds than other types of smart contract breaches.

The most notable hack in 2025 still remains that of the Bybit exchange which took place in February. The attack, which remains linked to the North Korean-affiliated Lazarus Group, saw the hackers steal $1.5 billion. Other notable incidents have included the $225.6 million Cetus protocol exploit and the $89.1 million hack of the Nobitex exchange in Iran, actions linked to the Israel-based group Gonjeshke Darande.

The post Arcadia Finance suffers $2.5 million hacker first appeared on Coinfea.