VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
According to the incident analysis report released by Arcadia Finance, at 04:05 AM UTC on July 15, 2025, an active exploit targeting a series of peripheral contracts occurred. The attacker abused the delegated powers of Arcadia account owners on the rebalancer and compounder asset manager contracts, resulting in a loss of approximately $3.6 million. This exploit was limited to the asset manager contracts; lending and token contracts were not affected. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 3,600,000.
Primary source
https://arcadiafinance.notion.site/Arcadia-Post-Mortem-14-07-2025-23104482afa780fdb291cd3f41b7fc99 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Arcadia Finance
- bug_class
- logic
- date_occurred
- 2025-07-15
- loss_usd
- $3,600,000
- source_id
- sm:arcadia-finance::2025-07-15
Related — same bug class· logic