- DeFi platform Arcadia Finance has asked a hacker to return stolen funds or they will involve law enforcement agencies
- The Hacker stole close to $500,000 from the platform by mounting a reentrancy attack on July 10
- They have 24 hours to return the funds with the Arcadia team telling the attacker that “it’s hard to hide [their] identity”
DeFi platform Arcadia Finance has asked a hacker to return stolen funds or they will involve law enforcement agencies. The hacker siphoned close to $500,000 from the platform by mounting a reentrancy attack on July 10. The Arcadia team gave them 24 hours to honor the request adding that “it’s hard to hide [their] identity.”
No Place to Hide Online
According to Arcadia, the hacker’s transaction trail provides some important clues that can help to nab him, also noting that they already have leads from analyzing both on-chain and off-chain data.
In their message on Optimism, the platform told the attacker to comply with the request since there’s nowhere to hide “online these days.” The platform didn’t specify the percentage amount the hacker should return, only saying they’ll escalate the issue if the hacker fails to return “any funds.”
A post-mortem report prepared by the DeFi protocol indicated that the attacker exploited a deficiency in the platform’s smart contract code on both Ethereum and Optimism.
Post Mortem of ongoing situation, providing a technical overview and sharing more information on next steps.https://t.co/NPNbbSzKBQ
— Arcadia Finance (@ArcadiaFi) July 10, 2023
The deficiency allowed the hacker to conduct a reentrancy attack, or issue multiple instructions to the smart contract with the aim of confusing the contract. This allowed him to drain funds from the Arcadia liquidity pool.
The hacker has already moved funds siphoned from Arcadia’s Optimism liquidity pool through coin mixing service Tornado Cash.
DeFi Hackers Prefer White Hat Bounties
Efforts by DeFi protocols to negotiate with hackers have seen platforms like Jimbos protocol request a hacker to keep 10% of the funds and return the rest.
A recent report suggested that DeFi hackers are increasingly opting for white hat bounties instead of keeping the entire loot. However, some like the Mango Markets attacker have said they want to keep the funds.
With Arcadia Finance not specifying the amount of funds they need from the hacker, it’s likely the hacker won’t return all the funds.
