The decentralized finance (DeFi) ecosystem has experienced yet another security breach, as Rodeo Finance, a platform operating on the Arbitrum Network, fell victim to a hack resulting in the loss of 472 ether (equivalent to $888,000).
This incident adds to a string of recent exploits targeting DeFi protocols, raising concerns about the security of blockchain networks.
Blockchain security firm PeckShield discovered that the attacker behind the Rodeo Finance exploit transferred the stolen funds from Arbitrum to Ethereum, emphasizing the vulnerability of interconnected blockchain networks.
A closer analysis revealed that the hacker converted the stolen tokens into various assets and eventually converted them back to ether, further obscuring the origin of the funds.
Notably, the hackers employed Oracle manipulation techniques to manipulate price feeds and exploit the platform, resulting in significant losses for the protocol.
The Rodeo Finance hack is the latest in a series of DeFi exploits that have plagued the industry. Just a few days prior to this incident, the Arcadia platform fell victim to a hack, where hackers exploited a code vulnerability to steal approximately $500,000 from the protocol’s Ethereum and Optimism vaults. These recent incidents highlight the urgent need for enhanced security measures within the DeFi space.
After converting the stolen tokens to ether, the hacker attempted to conceal the trail of the funds by funneling them through Tornado Cash, a crypto mixer commonly used to obscure transaction histories.
This tactic complicates the process of tracing stolen funds, making it more challenging to identify the perpetrators and recover the losses.
The Rodeo Finance exploit represents the third security breach on the Arbitrum Network within the past four months.
In April, Sentiment, another platform operating on Arbitrum, lost $1 million to a DeFi exploit, followed by a security breach in May where Jimbos protocol suffered a $7.5 million loss.
These incidents underline the pressing need for heightened security measures and improved auditing practices on the Arbitrum Network to safeguard user funds.
According to a report by the bug bounty platform Immunefi, DeFi hacks across various blockchains surged by 63% in the second quarter of 2023 compared to the same period last year.
Notably, DeFi platforms experienced a collective loss of $228 million in Q2 due to 79 separate hack incidents. The Atomic Wallet hack, where the notorious hackers from the North Korea-linked Lazarus Group reportedly exploited the wallet for $100 million, and the exit scam by the now-defunct Fintoch platform, which resulted in $32 million in user funds disappearing, were the primary contributors to the significant losses incurred.
While the majority of losses in the last quarter were concentrated on BNB Chain and Ethereum, the Arbitrum Network accounted for 12% of the total losses.
This highlights the importance of addressing the security vulnerabilities within the network promptly. Stakeholders, including developers, auditors, and users, must collaborate to implement robust security measures and conduct comprehensive audits to mitigate the risks associated with DeFi platforms operating on the Arbitrum Network.