Arcadia Finance Loses $3.5 Million in Exploit

Arcadia Finance, a permissionless margin trading and lending platform, has fallen victim to a significant exploit, resulting in the loss of approximately $3.5 million. The incident was first flagged by Certik, a blockchain security firm, early on Tuesday. Certik identified suspicious transactions on the Base network, noting that the exploiter had taken around $1.6 million from Arcadia Finance through arbitrary 'swapdata' on its rebalancer contract. Later, the firm updated the total amount drained to roughly $3.5 million.

Arcadia Finance acknowledged the incident and took immediate action to mitigate the damage. The platform urged users to revoke permissions for its asset managers and advised customers to disconnect rebalancer and compounder tools from their accounts. This proactive response aimed to prevent further losses and protect user assets.

Arcadia Finance, backed by Coinbase Ventures, operates as a decentralized platform that allows users to lend, borrow, and trade digital assets without intermediaries. This incident highlights the ongoing challenges in the crypto security landscape, where decentralized finance (DeFi) protocols are frequent targets for exploits and hacks.

Certik, which is supported by investors including Sequoia Capital, Tiger Global, and Goldman Sachs, is known for its active role in monitoring and reporting on crypto security incidents. The firm reported that $302 million was lost to hacks and scams across DeFi protocols in May, marking a nearly 17% decrease from the previous month. However, the total losses for the year 2025 have already reached $2.5 billion, underscoring the persistent threat to the crypto ecosystem.

This exploit adds to a series of high-profile incidents in the crypto world. Last week, decentralized perpetuals exchange GMX was hit by a major exploit, with attackers stealing more than $42 million worth of crypto. In a surprising turn of events, the hacker began returning the stolen funds after the protocol offered a $5 million bounty and promised no legal action if most of the crypto was returned. Earlier in March, Abracadabra.Finance lost $13 million in a targeted attack after a vulnerability in its GMX-linked lending pools was exploited using a flash loan.

Other platforms have also faced significant security breaches. lost $220 million in May before validators froze and recovered much of it. Nervos Network was exploited for $3 million on June 2. These incidents underscore the need for enhanced security measures and vigilance within the crypto community to protect against such exploits.