New crypto hack on Ethereum and Optimism – The Cryptonomist

Revealed the code to freeze funds from Brazil’s pilot CBDC
Polygon’s “Indore” fork successfully executed
Coinbase was aware of violation of federal security token laws
New crypto hack on Ethereum and Optimism
Coinbase was aware of violation of federal security token laws
Stablecoin: New crypto regulation approved in the UK
President Biden promotes fair tax system: new rules and taxes for crypto
Binance in Germany: license denied by financial regulator BaFin
Revealed the code to freeze funds from Brazil’s pilot CBDC
New crypto hack on Ethereum and Optimism
Crypto Hack: Poly Network bridge hacked for $42 billion but there is not enough liquidity to allow the attacker to monetize
Chainalysis helps Israeli authorities block terrorist activity and seize $1.7 million in crypto
SolarPunk and LunarPunk Take Center Stage at ETHBarcelona 2023
Proof of Talk 2023
Global Crypto Community Convenes at Dubai’s Blockchain Economy Summit, Uniting Industry Leaders for a Groundbreaking Event on October 4-5, 2023
Gaming & eSports in the MENA Region – A Market Worthy of Recognition
Bitget: interview with crypto exchange managing director Gracy Chen
STEPN CEO on how to build a successful NFT marketplace. An interview with Yawn Rong
The Sandbox (SAND) metaverse: interview with CEO Sebastien Borget
2023 CMC: Global Crypto User Adoption Outlook with CZ
Only ten Bitcoin ATMs left in Britain
The Bitcoin halving could cause MicroStrategy’s stock price to skyrocket
Crypto news: Aave votes to launch GHO stablecoin on Ethereum
Reserves on exchanges rising for Tether (USDT): bull market coming?
Only ten Bitcoin ATMs left in Britain
The Bitcoin halving could cause MicroStrategy’s stock price to skyrocket
Excellent news regarding Bitcoin (BTC)
Bitcoin ETF: almost there, but efficacy must be proven to the SEC
Ethscriptions, What Are They and What is Their Difference From Ordinals
Ethereum news: rising fees because of a token
Aave: DeFi protocol governance proposal to acquire $3 million in wstETH and rETH
Proof of Stake Ethereum: possible increase in maximum validator staking limit from 32 to 2028 ETH
Bitcoin mining thrives due partly to competition created by the rise in hashrate
Bitcoin on-chain analysis: many coins from mining activities are headed for exchanges
Bitcoin mining in New York heats swimming pools at a spa
The new frontier of money laundering: mixing dirty money with crypto mining
Crypto news: Aave votes to launch GHO stablecoin on Ethereum
Stablecoin: Tether’s triumph over all others
Bullish outlook for the stablecoin market in the coming years
China’s autonomous territory, Hong Kong, wants to compete with Tether (USDT) and USD Coin (USDC) and create its own stablecoin
Crypto news and price analysis for Polkadot (DOT), Compound (COMP) and Pepe (PEPE)
The value of Shiba Inu compared with Bitcoin and Ethereum
News and market analysis of the crypto assets Monero (XMR), Terra (Luna) and Cardano (ADA)
Prices and crypto news of Turbo, Solana and Ecoterra
Crypto news and price performance of SafeMoon, DeRace and Cronos
Algorand: the crypto crash leads AlgoFi to shut down the platform
Crypto news: Aave votes to launch GHO stablecoin on Ethereum
Aave: DeFi protocol governance proposal to acquire $3 million in wstETH and rETH
The trend of liquid staking crypto platforms: TVL rising significantly on Solana
Decentralized Finance (DeFi) salaries remain high despite crypto market situation
Starbucks and Micah Johnson join forces for Aku NFT project
OpenSea integrates Zora network into its ecosystem
Sorare NFTs: Five auctions for Special Edition NBA Draft Cards
The Metaverse sector holds 43.68% of Web3 investments: the DappRadar report
Gaming Web3: 8 Ball Pool goes up on Immutable zkEVM
eSports: New partnership between Bitget and DOTA 2 Bali Major
The Gods Unchained blockchain game is launched on the Epic Games Store platform
Animoca Brands joins Celo’s crypto ecosystem to accelerate Web3 adoption with sustainability and social impact
The Metaverse sector holds 43.68% of Web3 investments: the DappRadar report
“Spirit of Napa Tei” comes to life in The Nemesis metaverse
Roblox metaverse attracts NFT thieves using crypto phishing
Reental: tokenized real estate company enters Fortnite metaverse
Polygon along with Warner Music Group launch Web3 and music program
NFT art sales on the rise: the ETH chain is first with $85.43 million in sales
New Discoveries Unveil the True Identity of Leonardo Da Vinci and the Authentic Nature of His Works, Paving the Way for Exclusive NFT Collection
Mattia Cuttini’s new NFT solo art exhibition coming soon
Meta vs Twitter, and vice versa
Meta launches Threads: will it compete with Twitter?
SEC: fake news spread about Gary Gensler’s resignation because of AI
Worldcoin: ChatGPT co-founder’s crypto project announces collaboration with Auth0 to manage World ID logins in Europe
Revolut launches Ultra platinum card: cashback, enhanced trading and more
Revolut: the global finance app has surpassed 30 million retail customers
Revolut launches version 9.0 of the app: how does it work?
CBDC: Dubai will have its own state “crypto”
Uniswap: the DEX increases in volume thanks to PEPE meme crypto
Uniswap: the crypto DEX has surpassed Coinbase
Copy trading: how it works and which are the best platforms
How to mine Bitcoin in 2022
How to use Solidity from Ethereum
Ethereum: how do smart contracts work?
What exactly is a smart contract?
2021 could be the year of NFTs
Uniswap: the DEX increases in volume thanks to PEPE meme crypto
Uniswap: the crypto DEX has surpassed Coinbase
Copy trading: how it works and which are the best platforms
The price of Ethereum is very low again
Continuously losing money in the Crypto Market? A 20-year trader share his ways to profit
How to buy, sell and create NFTs on OpenSea. The ultimate guide
How Compound works for lending with cryptocurrencies
Crypto gadgets: new physical device for tracking cryptocurrencies
Bitcoin Beach: the wallet project born in El Salvador expands.
LaLiga Names Divi Official Crypto Wallet for MENA, SEA, & China, in World’s First for a Football League
How to configure a MetaMask wallet
Recover a Bitcoin wallet.dat password in 2 minutes!
By Marco Cavicchioli – 10 Jul 2023
A new crypto hack was discovered today: this time the DeFi Arcadia Finance protocol on the Ethereum and Optimism chains was successfully attacked. 
PeckShieldAlert broke the news on Twitter, reporting that the hack netted the attackers about $455,000. 
#PeckShieldAlert Our community contributor has detected that @ArcadiaFi has been exploited on both #Ethereum and #Optimism for ~$455K

The exploiter on #Ethereum was frontrun by 0x5C75e94dD0Ab9c10BFd1B8073DafEF031D3c050dhttps://t.co/blGx5IEAkk

The exploiter on #optimism… pic.twitter.com/WDzF0XVcmL
The hack was also later confirmed by the operators of Arcadia Finance themselves. 
We are aware of a potential exploit in our protocol.
We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.
After a few hours, they reported that they were able to make contact with the hacker, and that they were working together with their security partners, law enforcement, and the community to solve the problem as best they could in an effort to recover funds for protocol users.
Summary
According to PeckShield, the hack to Arcadia Finance’s smart contract was due to untrusted input validation being exploited to drain funds from darcWETH and darcUSDC reserves.
darcWETH and darcUSDC are two wrapped Arcadia Finance tokens, so they each hold reserves. 
Theoretically for every darcWETH token there should be a WETH token in the reserves, and for every darcUSDC token there should be a USDC token. 
Evidently the smart contract that manages the reserves of these two wrapped tokens had a bug that attackers were able to exploit. 
Furthermore, PeckShield discovered a lack of re-entry protection in these smart contracts, which in this way allowed the instant settlement to bypass the internal state check of the reserves manager. 
In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check. pic.twitter.com/Am58ZOvgQJ
To be fair, Arcadia later refuted this reconstruction, but was unable to provide an alternative explanation. 
Most of the funds were stolen from Optimism’s chain, and they were then moved thanks to Tornado Cash in order to lose track of them. 
Arcadia Finance is a DeFi protocol on Ethereum and Optimism that does not have its own native token. 
Before the hack, its TVL was about $600,000, while after the theft it plummeted to $145,000. 
This is a non-custodial protocol that allows for the composition of on-chain cross-margin accounts. 
Users of these margin accounts can collateralize entire wallets, access up to 10 times more capital than their initial collateral value, and use the deposited collateral and borrowed capital to interact with any other DeFi protocol in a permissionless manner. 
Lenders provide liquidity to Arcadia’s loan pools, earning passive returns.
Being non-custodial, the hackers were not able to steal funds directly from users’ wallets, but rather from those used as reserves for issuing the wrapped tokens darcWETH and darcUSDC. 
Thus, no darcWETH or darcUSDC were stolen directly from users’ wallets, but WETH and USDC were stolen from the wallets on which the reserves were held. This means that there is no longer 1 WETH for every darcWETH issued, and 1 USDC for every darcUSDC issued, so effectively users still have all their wrapped tokens but can no longer redeem them.
It is often said that non-custodial wallets are safe, if stored and maintained properly, but sometimes the risks lie upstream. 
Indeed, for any non-custodial wallet there is little difference in storing original tokens, such as USDC, or wrapped tokens, such as darcUSDC. 
However, wrapped tokens have an additional layer of risk. In fact, the custody of the collateral is not done by the users themselves on their non-custodial wallets, but by the managers of the wrapped tokens. 
In fact, this is not very different from a custodial wallet, since custody of the collateral is in some ways equivalent to custody of the wrapped tokens. 
Therefore even if the wallets of users holding wrapped tokens are not breached, in the event of a breach of the reserve wallets, users can still lose their funds, simply because while they still have the wrapped tokens they can no longer redeem them. Their actual value in this way effectively goes to zero. 
This actually applies to USDC as well, because while it is not a wrapped token it is a collateralized stablecoin, meaning it has reserves as collateral, which is held and managed by a single entity (Circle). 
The impact on the crypto markets of this hack has been almost zero, if we exclude the wrapped tokens darcWETH and darcUSDC. 
OP, which is Optimism’s native token, has also not suffered serious losses, so much so that its price today moved in line with those of many other similar tokens. 
Then again, $455,000 is not that much, and by now the crypto markets have developed a habit of this kind of theft on DeFi protocols. 
Moreover, DeFi is not about Bitcoin, and right now it is Bitcoin that is dictating the trend in the crypto markets. 
Situations like this one only serve to provide a better understanding of the risks involved when using DeFi protocols, especially when they are hidden as in the case of wrapped tokens. 
Something much worse had happened in March, when it was discovered that Circle held a significant portion of USDC reserves on the failed Silvergate bank, so much so that for a moment it was feared that the stablecoin might lose its peg with the dollar. 
But then the US central bank intervened directly to cover all the shortfalls, thereby giving all Silvergate depositors back all their funds.
Born in 1975, Marco has been the first to talk about Bitcoin on YouTube in Italy. He founded ilBitcoin.news and the Facebook group” Bitcoin Italia (open and without scam) “.
Marco Cavicchioli – 11 Jul 2023
Reporting the future.
The latest news about Bitcoin, ICO, trading, blockchain and fintech.
Stay updated on all the news concerning cryptocurrencies and the whole world of the blockchain
We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.

source