Arcadia Finance Loses $2.5 Million in Crypto Hack

Arcadia Finance, a liquidity management platform for decentralized crypto exchanges, was exploited on July 15, resulting in a loss of approximately $2.5 million in crypto assets. The hackers targeted the platform’s rebalancer on the Base network, exploiting a vulnerability in its code.

Following the exploit, the Arcadia team swiftly responded by warning users on X, formerly Twitter, to remove permissions for their asset managers and deactivate active rebalancers to prevent further losses. This proactive measure aimed to mitigate the impact of the breach and protect user assets.

According to blockchain security firm PeckShield, Arcadia Finance lost about 840 Ethereum tokens, valued at roughly $2.5 million at current prices. PeckShield reported that the hackers had already bridged the stolen assets from Base to Ethereum, with the sanctioned crypto mixer, Tornado Cash, reportedly involved in the process.

This incident is not the first time Arcadia Finance has experienced a security breach. In July 2023, the platform suffered a $455,000 hack due to a vulnerability in its code. Despite these setbacks, Arcadia Finance is backed by Coinbase Ventures and is part of the Circle Alliance, which it joined in late June. USDC makes up more than a third of Arcadia’s total value locked (TVL).

In response to the latest exploit, Arcadia Finance has paused its contracts with no clear timeline for resumption. The platform is collaborating with security analysts to determine the cause of the breach and implement necessary measures to prevent future incidents. Arcadia Finance has stated its commitment to working with security partners, law enforcement, and the broader community to resolve the issue and recover funds for its users.

The community and market have reacted with skepticism and concern, highlighting worries about the state of cross-chain security. This incident is part of a broader trend of increased hacking incidents in the crypto sector, with over $2.1 billion stolen across more than 75 hacking incidents so far this year. This figure nearly accounts for the total losses recorded in 2024, indicating a significant increase in attacks compared to previous years.

The Arcadia exploit, while smaller in scale compared to other notable hacks this year, underscores the vulnerabilities that plague the decentralized finance (DeFi) sector. Smart contracts and cross-chain mechanisms, particularly bridges, remain highly susceptible to attacks. According to reports, more than 80% of the stolen funds in 2025 occurred in infrastructure-level breaches, where hackers exploited vulnerabilities to steal large amounts of funds.

One of the most significant hacks this year was the breach of the Bybit exchange in February, where hackers made away with $1.5 billion. This attack, attributed to the North Korea-linked Lazarus Group, pushed the average hack size to double what it was in 2024. Other notable incidents include the $225.6 million Cetus protocol exploit and the $89.1 million hack of the Nobitex exchange in Iran, actions linked to the Israel-based group Gonjeshke Darande.

These incidents highlight the ongoing challenges in securing the DeFi sector and the need for enhanced security measures to protect user assets and maintain trust in the ecosystem.