Arcadia Finance, a platform that allows people to lend, borrow, or trade without a middleman, has been hacked by a hack resulting in a loss of approximately $2.5 million to $3.5 million. The theft occurred on Arcadia Finance’s rebalancer contract on Base blockchain.
As per the available information, the exploiter found flaws in the rebalancer contract, which manages asset adjustment, and the bad actors used malicious SwapData parameters to trick the system into executing unauthorized swaps, draining users’ vaults.
The theft involves a chain of arbitrary calls allowing repeated exploitation. It is worth noting that the looted amount was swapped to 840 wrapped Ethereum and bridged to the Ethereum mainnet, with some laundered via Tornado Cash.
In an X post dated July 15, 2025, Arcadia Finance said, “ The team is aware of unauthorized transactions via a Rebalancer.” Added “Remove all permissions for asset managers”.
Following the attack on Arcadia Finance, its TVL saw a sudden tumble, reaching a lower point compared to usual days. The community is actively working with law enforcement agencies and cybersecurity firms to recover the looted funds.
The stolen funds comprised 2.3 million USDC and 227,000 USDS tokens.
Arcadia Finance is hacked for the 2nd time
In July 2023, it was also reported that bad actors wiped out $455,000 from Arcadia Finance’s vault on Ethereum and Optimism blockchains, breached weak input validation, and lack of reentrancy protection.
Available information notes that in that particular incident, hackers sent fake or malicious instructions, tricking the system into thinking they were legitimate, allowing them to withdraw funds.
On Optimism blockchains, hackers stole around 180 Ethereum, which were laundered through Tornado Cash, and on the Ethereum blockchain, about $100,000 in assets was stolen and remained in the hacker’s wallet till writing.
This attack on Arcadia Finance exposes common vulnerabilities like weak input checks and missing reentrancy protection, which are critical for securing digital money.
Some most recent hacks in the crypto market
In June this year, Nobitex Iranian crypto exchange, was hacked for $90 million in various crypto coins and tokens, including Bitcoin, Ethereum, and Dogecoin.
The credit of the incident was taken by Predatory Sparrow, a pro-Israeli group of hackers. The bad actors used private keys and administrative credentials to drain exchanges hot wallets across different blockchains.
On June 06, 2025, it was reported that ALEX Protocol, built on Stacks blockchain, was exploited through a vulnerability in its vault permission system, allowing hackers to drain funds.
Most recently, it was reported that the GMX hack has resulted in losses of around $40 million. It is worth noting that the attack targeted active liquidity pools in legacy contracts.
