en
Back to the list

Pike Finance Hit for $1.6M in Second Hack Within 3 Days

source-logo  cryptopolitan.com 01 May 2024 14:32, UTC

Pike Finance, a decentralized finance (DeFi) lending protocol, was attacked twice in a few days. Attackers used a smart contract vulnerability to steal digital assets worth millions. The first raid took place on April 26, and the loss amounted to $300,000. The second one, on April 30, caused the company to lose $1.68 million, which affected its operations across Ethereum, Arbitrum, and Optimism blockchain networks.

The attackers took advantage of a smart contract bug, which allowed them to modify the output address and thus unauthorizedly withdraw over $1.4M in Ethereum, $150,000 in Optimism tokens, and $100,000 in Arbitrum tokens. Post-incident, Pike Finance offered a reward of 20% of the amount or the assets stolen upon information leading to the recovery of the funds or the return of the stolen assets.

#CertiKInsight 🚨

Overnight @PikeFinance was exploited for ~$1.68m

The attacker executed the initialize function, adding their address to the _isActive variable

The attacker could then perform an upgradeToAndCall and upgrade to a malicious implementation pic.twitter.com/FyxwlCYkad

— CertiK Alert (@CertiKAlert) May 1, 2024

Community and Protocol Response

Regarding the breaches, Pike Finance has implemented a number of actions to avoid further losses and address community worries. They recommended that users revoke all their approvals to safeguard their funds, and they have begun refunding some pre-sale deposits. The protocol is closely looking into the incidents and has informed users to expect further instructions.

The community showed great disquiet over the recurrent exploits, particularly in so short a space of time. This sentiment was exacerbated by the perceived slow initial reaction to the first incident, which some believe could have prevented the second attack.

Attention Users:

On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH.

This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.

In order to pause the protocol, the spoke…

— Pike (@PikeFinance) May 1, 2024

Cryptocurrency Hacks in Decline

However, despite the cases with Pike Finance, a CertiK report informs that the cryptocurrency sector reported a decrease in the total amount of losses from hacks and scams. April recorded the minimum monthly figure since 2021 of $25.7 million in losses due to such occasions. This is a sharp decrease compared to the previous months, owing to fewer private key compromises and tougher security measures in general.

However, over $502 million was still lost to hacks and exploits in the first quarter of 2024, indicating that security remains a critical issue for the cryptocurrency community.

cryptopolitan.com