shield Other · $125K loss

The June 18, 2023 ARA unclassified exploit: where $125K went

Q: How much did ARA lose?

The ARA exploit in June 2023 resulted in $125,000 in losses — the 76th largest of 214 DeFi incidents that year.

Q: When did the ARA hack happen?

The ARA exploit was recorded on June 18, 2023 — 1,031 days ago.

Q: What type of exploit hit ARA?

The ARA incident is classified as a Other. A specific exploit class outside the most common buckets.

Q: How common is the Other pattern seen at ARA?

Our archive contains 188 documented other incidents. The ARA incident is one of them.

Q: How does ARA compare to the largest Other attack?

The largest other incident in our archive is MIMSpell (2024) at $65M. The ARA loss is $125K.

Q: What is the role of Pay To Script Hash (P2SH) in the proposed protocol?

P2SH is used to encode the protocol, allowing for complex payment conditions without smart contracts.

Q: What is SALRS designed for in cryptocurrency transactions?

To conceal the identities of both the payer and payee, ensuring privacy.

On June 2023, ARA was exploited in a other, resulting in approximately $125K in losses. That makes the ARA exploit the 199th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the ARA Other Played Out

Exploit Class Applied to ARA

The ARA incident on June 18, 2023 is classified as a Other. A specific exploit class outside the most common buckets. In the full archive, ARA is 1 of 188 documented other incidents.

ARA in Context

At $125K, the ARA exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — MIMSpell (2024) at $65M.

Prior Other Before ARA

The nearest other incident before ARA was CFC, 3 days earlier on June 15, 2023 ($16K lost). The same exploit class surfaced again within the other attack surface.

ARA Vulnerability Signature

The primary source categorises the ARA exploit specifically as “Incorrect handling of permissions”. This narrower label is entity-specific: it reflects how the ARA contract failed, rather than the broad other pattern alone.

Impact & Recovery for ARA

ARA Loss Figure

The ARA exploit caused $125,000 in losses — a minor (<$1M) incident and the 76th largest of 214 documented in 2023.

Where ARA Sits Among Other Attacks

Ranked by loss size, ARA is the 40th largest of 188 other incidents documented. That puts the ARA loss below the class average of $2.03M.

Timeline Since the ARA Incident

The ARA exploit occurred 2.8 years ago (1,031 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for ARA

Public post-mortem / on-chain analysis for the ARA incident: view source.

FAQ

How much did ARA lose?

The ARA exploit in June 2023 resulted in $125,000 in losses — the 76th largest of 214 DeFi incidents that year.

When did the ARA hack happen?

The ARA exploit was recorded on June 18, 2023 — 1,031 days ago.

What type of exploit hit ARA?

The ARA incident is classified as a Other. A specific exploit class outside the most common buckets.

How common is the Other pattern seen at ARA?

Our archive contains 188 documented other incidents. The ARA incident is one of them.

How does ARA compare to the largest Other attack?

The largest other incident in our archive is MIMSpell (2024) at $65M. The ARA loss is $125K.

What is the role of Pay To Script Hash (P2SH) in the proposed protocol?

P2SH is used to encode the protocol, allowing for complex payment conditions without smart contracts.

What is SALRS designed for in cryptocurrency transactions?

To conceal the identities of both the payer and payee, ensuring privacy.