On Tuesday, Arcadia Finance reported an exploit that resulted in the theft of approximately $2.5 million in USDC and USDS. The attack took place on the Base blockchain, targeting a flaw in their Rebalancer contract that allowed unauthorized transactions.
According to blockchain security experts at Cyvers, the attacker manipulated arbitrary swapData parameters, leading to a rogue swap that drained assets from user vaults. The exploit was executed swiftly, with the malicious contract being deployed and triggered within a minute of the attack commencing.
The stolen assets were converted to Wrapped Ethereum (WETH) on the Base network and subsequently transferred to the Ethereum mainnet. Cyvers highlighted that the funds were sent through newly created intermediary addresses, likely to obscure the transaction trail, indicating potential future mixing or decentralized exchange activity.
In total, around 2.3 million USDC and approximately 227,000 USDS were stolen, resulting in a loss of $2.5 million for Arcadia Finance. The attacker received 199 WETH and nearly one billion AERO tokens across twelve affected addresses during the swap process.
The Arcadia Finance team acknowledged the incident on social media, stating, "The team is aware of unauthorized transactions via a Rebalancer." They urged users to remove permissions for asset managers and revoke any granted permissions to minimize further risks.
The incident highlights ongoing security challenges within decentralized finance (DeFi) platforms and emphasizes the importance of robust security measures in the crypto space. In light of this exploit, Cyvers has recommended blacklisting all involved addresses on both Base and Ethereum and alerting major exchanges to prevent further transactions involving the stolen assets.
As DeFi continues to grow, incidents like this serve as critical reminders of the vulnerabilities present in these systems. With over $2.47 billion lost due to hacks and scams in just the first half of 2025, strengthening security protocols is essential for protecting user assets against future threats.
