Arcadia Finance, a protocol based on the Base network, has fallen victim to a $2.5 million exploit. The attacker drained funds by exploiting a vulnerability in Arcadia’s Rebalancer contract using manipulated “swapData” parameters. Cyvers Alerts, a blockchain security firm, first flagged the suspicious activity early Monday.
The stolen assets were quickly swapped for ETH, then bridged from Base to Ethereum, making recovery efforts more difficult. Arcadia has urged users to revoke all asset manager permissions immediately.
The protocol, backed by Coinbase Ventures, enables permissionless lending, borrowing, and trading. However, this exploit exposed vulnerabilities in its asset management tools. Arcadia confirmed the attack via an official statement and promised further updates.
The State of Crypto Security in 2025
According to Certik, the decentralized finance (DeFi) sector has faced losses, reaching $2.47 billion in the first half of 2025. This marks a 3% increase compared to the $2.4 billion lost in 2024. In just the second quarter, there were 144 incidents that resulted in $800 million in damages. While this represents a 52% decrease from the first quarter, it still raises serious red flags for the industry.
Arbitrary call functions, like “swapData,” are becoming go-to attack vectors in smart contract exploits.
In a recent update, blockchain investigator ZachXBT shared on X that he played a key role in freezing $5 million linked to a separate hack involving the Central Bank of Brazil. His work required close collaboration with Tether, Binance, Bitso, Bybit, and Chainalysis.
Also Read: Tornado Cash Developer Roman Storm’s Trial starts in New York
