en
Back to the list

DeFi Protocol Pickle Finance Hacked For $20 Million

source-logo  decrypt.co  + 8 more 22 November 2020 05:00, UTC

The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.

Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. 

In addition in the second invocation for swapExactJarForJar there were passed a target and doing a delegate call to CurveProxyPool 😢

Really complex and is not using at all FlashLoans!https://t.co/6HetsSmdbm pic.twitter.com/RVVyy39IAG

— Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 21, 2020

Yesterday, Pickle “deployed a new strategy” to maximise returns from DAI, a decentralized stablecoin pegged to the US dollar, “Larry the Cucumber,” a team member for Pickle, posted in a Discord chat, according to “statelayer.eth.”

$pickle had just deployed a new strategy for the DAI jar strategy yesterday according to one of their team members 🤔 https://t.co/Jum2aSHUKY pic.twitter.com/N6oDiXN3WM

— statelayer.eth (@statelayer) November 21, 2020

Today, someone drained that wallet of $19.7 million in DAI. 

Specifically, someone drained Pickle Finance’s cDAI jar. cDAI are the tokens that decentralized lending protocol Compound issues its customers when they deposit DAI, a decentralized stablecoin pegged to the US dollar. 

But it doesn’t appear to be the kind of flash loan attack we typically see associated with protocol hacks on this scale. “Normally you'd see the tx calling Aave, Uniswap, or dYdX for the flash loan,” crypto analyst Nick Chong told Decrypt.

An unhappy Pickle Finance user, on Telegram

Following the hack, the price of Pickle Finance's token, PICKLE, fell by 43.8%, according to Coin Gecko, to $12.75.

Until it works out what’s going on, Harvest Finance, a rival DeFi protocol that last month was hacked for $30 million, has moved all of its DAI, as well as stablecoins USDC and USDC, “ to the safety of its vaults until the attack vector is understood,” tweeted Smokatoke, a community rep for Harvest Finance.

decrypt.co

Similar news (8)
Add similar news

Add similar news

Send us a link to a similar news story on another source.

Why do we need it

The citation rate of a news item indicates its importance and significance. The number of mentions in different sources allows you to look at an event from different angles.

Please help us improve the application. If we have published news and you have found a similar one in another source, send us a link to it.