Pike Finance, a decentralized finance (DeFi) lending protocol, was attacked twice in a few days. Attackers used a smart contract vulnerability to steal digital assets worth millions. The first raid took place on April 26, and the loss amounted to $300,000. The second one, on April 30, caused the company to lose $1.68 million, which affected its operations across Ethereum, Arbitrum, and Optimism blockchain networks.
The attackers took advantage of a smart contract bug, which allowed them to modify the output address and thus unauthorizedly withdraw over $1.4M in Ethereum, $150,000 in Optimism tokens, and $100,000 in Arbitrum tokens. Post-incident, Pike Finance offered a reward of 20% of the amount or the assets stolen upon information leading to the recovery of the funds or the return of the stolen assets.
#CertiKInsight 🚨
— CertiK Alert (@CertiKAlert) May 1, 2024
Overnight @PikeFinance was exploited for ~$1.68m
The attacker executed the initialize function, adding their address to the _isActive variable
The attacker could then perform an upgradeToAndCall and upgrade to a malicious implementation pic.twitter.com/FyxwlCYkad
Community and Protocol Response
Regarding the breaches, Pike Finance has implemented a number of actions to avoid further losses and address community worries. They recommended that users revoke all their approvals to safeguard their funds, and they have begun refunding some pre-sale deposits. The protocol is closely looking into the incidents and has informed users to expect further instructions.
The community showed great disquiet over the recurrent exploits, particularly in so short a space of time. This sentiment was exacerbated by the perceived slow initial reaction to the first incident, which some believe could have prevented the second attack.
Attention Users:
— Pike (@PikeFinance) May 1, 2024
On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH.
This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.
In order to pause the protocol, the spoke…
Cryptocurrency Hacks in Decline
However, despite the cases with Pike Finance, a CertiK report informs that the cryptocurrency sector reported a decrease in the total amount of losses from hacks and scams. April recorded the minimum monthly figure since 2021 of $25.7 million in losses due to such occasions. This is a sharp decrease compared to the previous months, owing to fewer private key compromises and tougher security measures in general.
However, over $502 million was still lost to hacks and exploits in the first quarter of 2024, indicating that security remains a critical issue for the cryptocurrency community.