The decentralized finance platform Arcadia Finance experienced an attack, resulting in approximately $2.5 million in cryptocurrency theft. This incident adds to the growing list of security breaches in the DeFi space in 2025.
Incident Overview
Arcadia Finance, operating on Coinbase's Base blockchain, reported a hack that led to a theft of about $2.5 million. The attack took place on Tuesday at 04:05:58 UTC, where the attacker exploited a vulnerability in the Rebalancer contract by misusing arbitrary swapData parameters.
Details of the Theft and Security Measures
According to a report by the security firm Cyvers, the attacker deployed a malicious contract and executed the drain within a minute, leading to losses of around 2.3 million USDC and 227,000 USDS across 12 impacted addresses. Arcadia Finance confirmed the breach and advised users to revoke permissions for rebalancers to mitigate further risks.
Rising Number of Exploits in DeFi
The incident with Arcadia Finance is part of a broader issue in the DeFi sector, as the first half of 2025 has seen over $2.47 billion lost due to hacks, scams, and protocol exploits. However, CertiK noted a 52% decrease in losses in Q2 2025 compared to the previous quarter.
The situation with Arcadia Finance highlights ongoing vulnerabilities within DeFi systems and the critical need for improved smart contract security and user permission management.
