Cascade, the Polychain and Variant-backed perpetuals platform, has suffered an exploit on its Cascade Liquidity Strategy (CLS) vault, resulting in 1.34 million USDC being drained from user funds, according to blockchain security firm PeckShield.
In an X post on Wednesday, Cascade has reported the exploit affecting the CLS vault. Security firm PeckShield added that the exploiter has already moved the stolen funds across three networks to cover their tracks.
“The exploiter has bridged the stolen funds from Arbitrum to Solana, and then bridged them to Ethereum via Relay Protocol in DAI,” wrote in the alert.
Stolen Funds Traced Across Arbitrum, Solana, and Ethereum
On-chain data shows the full laundering trail. The exploiter first moved 1.34 million USDC on Arbitrum to the address 0x2B59…9b55, before shifting the entire amount to a second wallet, 0x5fa1…72cef.
From there, the full 1.34 million USDC was bridged to the Solana address GkfyojBJqYiASWnepUpTzytep3GsCxg8BoRgUaRhejcX, and then routed back to Ethereum through the Relay Protocol after being swapped into DAI.
On Ethereum, the funds landed in two tranches at the same wallet, 0x858…eC206, one of 801,212 DAI and another of 536,000 DAI. The second tranche was then split into three separate wallets holding 178,000 DAI, 178,000 DAI, and 180,000 DAI, respectively, taking the traced total to roughly 1.33 million DAI.
The hop through Solana and the swap from USDC into DAI is a familiar pattern among exploiters, as DAI cannot be frozen by a central issuer the way Circle can blacklist USDC addresses.
User Pre-Allocations Were Locked in the CLS
The exploit is particularly painful for Cascade users because the CLS vault holds pre-allocated deposits from the platform’s invite-only First Wave campaign. According to Cascade’s documentation, the CLS is the protocol’s native liquidity strategy, designed to underwrite orderbook depth and liquidation flows, and users deposited USDC on Arbitrum into it to earn reward points ahead of the public launch.
Those pre-allocated funds were locked until trading went live, meaning affected depositors had no way to withdraw before the exploit. Cascade had progressively raised the CLS cap through early 2026 and held its final pre-allocation event on January 21, opening an additional $5 million window to eligible users.
Cascade closed a $15 million seed round led by Polychain and Variant in December 2025. The startup has branded itself as a “neo-brokerage,” aiming to offer 24/7 perpetual trading on everything from crypto and commodities to tokenized pre-IPO equities like OpenAI, SpaceX and Stripe, with mainnet targeted for Q1 2026.
Second Vault Exploit in Two Days
The Cascade incident comes barely a day after Ostium, another Arbitrum-based perpetuals platform, paused all trading following an oracle-based exploit that drained an estimated $18 million in USDC from its OLP vault. Notably, The Block had previously compared Cascade’s permissioned market rollout approach to Ostium’s model.
July has been a brutal month for DeFi vaults overall. Lazy Summer Protocol lost around $6.04 million to a share price manipulation attack on July 6, and Bonzo Finance on Hedera lost $9 million to an exposed price oracle days later.
This is a developing story and will be updated as Cascade or security researchers release further details.
Also Read: Lumi Finance Drained of $270K on Arbitrum via Smart Account Exploit
