en
Back to the list

Pike Finance Hit by Dual Exploits, Faces $1.6M Loss

source-logo  blockchainreporter.net 01 May 2024 08:20, UTC

A few days ago, Pike Finance, a digital platform, faced a major security breach that caused over $1.6 million to be lost on ARB, ETH, and OP chains. The issue was linked to the USDC security loophole, digital currency, detected on April 26. However, Pike responded promptly to the incident by halting its protocol to make vital updates. Pike’s difficulty began when a new dependency was introduced to its system, which changed the layout in which storage occurs. When the storage arrangement was disrupted, the data was misaligned.

🚨UPDATE🚨@PikeFinance has experienced a security breach and cause more than $1.6M loss on #ARB, #ETH and #OP chains due the initial USDC vulnerability reported on April 26th, protocol paused for upgrades.

The inclusion of a new dependency shifted storage layout, causing… https://t.co/HSqC6Y1nF4

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 1, 2024

Pike Finance Investigates Dual Exploit, Offers 20% Reward

The system was manipulated to exploit this disruption; contracts were invaded, unauthorized access was gained, and funds were withdrawn. The scheme’s beta protocol became a victim of the exploit on April 30; 99,970.48 $ARC, 64,126 $OP, and 479.39

were stolen. It is linked to the previously described issue with the USDC found at Pike earlier this week.

In response to the challenge, Pike temporally paused its protocol. The company then upgraded spoke contracts and added an extra dependency to their smart contract code. However, the addition led to confusion within the data storage; more especially, the initialized variable. This confusion caused the contract setup to misbehave; the contract has been enabled to be manipulated, coordinated contracts, and governance to drain user funds.

While Pike investors are still pursuing investigations, they are willing to offer a 20% reward if anyone returns the funds or provides any solution that can lead to the retrieval of the user funds. Additionally, Pike is committed to providing plain text information and a compensation plan for the victims as soon as possible.

Pike Aims for Stronger Cybersecurity Post-Breach

This security incident reinforces the significance of strong cybersecurity measures within the digital currency space. It currently reiterates the notion that there is always a need to do everything humanly possible to prevent vulnerabilities and safeguard the system against potential threats and risks. Going forward, Pike strives to tighten its cybersecurity system to ensure such incidents do not reoccur.

Ultimately, the Pike Finance attack episode is not entirely bad news since it also provides an opportunity to learn. Through such experiences and measures put in place, Pike wants to come out stronger and offers guaranteed security of clients’ assets.

blockchainreporter.net