Arcadia Finance, a decentralized finance (DeFi) platform operating on the Base blockchain, has fallen victim to a sophisticated exploit, resulting in the theft of approximately $2.5 million in cryptocurrency.
The breach targeted Arcadia’s Rebalancer contract, leveraging a vulnerability related to arbitrary swapData parameters to facilitate unauthorized asset withdrawals from user vaults.
Blockchain security firm PeckShieldAlert reported the exploit, detailing how the hackers used the Rebalancer contract through a malicious contract explicitly deployed for this purpose.
Furthermore, the hackers converted approximately 2.3 million USDC and 227,000 USDS into Wrapped Ethereum (WETH) on the Base network. They then bridged the WETH to the Ethereum mainnet, a common tactic to obscure the movement of stolen funds.
Arcadia Finance Breached
Cyvers further noted that the stolen funds are currently held in newly created intermediary addresses on Ethereum. This fragmentation strategy suggests a deliberate attempt to obscure the trail of the stolen assets, potentially paving the way for mixing services or decentralized exchange (DEX) activity to further complicate tracing efforts.
Moreover, the attacker reportedly received 199 WETH and 965.8 million AERO tokens during the swap process, spread across 12 affected addresses.
In the aftermath of the attack, Cyvers has urged immediate action, suggesting the blocklisting of all involved addresses on both the Base and Ethereum blockchains. They also advised alerting major crypto exchanges and bridge operators to intercept any inbound transactions linked to the compromised addresses.
Arcadia Team’s Reaction
Arcadia Finance acknowledged the security breach in a post on X. The team confirmed that bad actors made unauthorized transactions using the Rebalancer contract, and told users to quickly revoke any access they have given to rebalancers on the Arcadia platform to prevent further damage, stating:
“The team is aware of unauthorized transactions via a Rebalancer. Remove all permissions for asset managers. More information will follow.”
Moreover, this incident highlights the growing vulnerabilities within the DeFi space and the ongoing challenges in securing decentralized protocols. The exploit comes at a time when the crypto industry is struggling with substantial losses attributed to hacks, scams, and exploits.
According to recent reports, the first half of 2025 has already witnessed over $2.47 billion in losses, a nearly 3% increase compared to the $2.4 billion stolen in 2024. The second quarter of 2025, however, saw a 52% decrease in value lost compared to the previous quarter, with $800 million lost across 144 incidents.












