Pike Finance Hit With Second Attack in Three Days With Losses of $1.6 Million
The post Pike Finance Hit With Second Attack in Three Days With Losses of $1.6 Million appeared first on Coinpedia Fintech News
In an astounding turn of events, the decentralized finance (DeFi) lending protocol Pike Finance was a victim of a new exploit, leading to the loss of $1.68 million worth of digital assets. This is the second hack within three days, which has led to the undoing of the protocols and demonstrated the persisting vulnerabilities in the DeFi sector.
A report by Cyvers Alerts, a blockchain security and analytics firm, revealed that this hacker was able to exploit smart contract flaws on three different chains, Ethereum, Arbitrum, and Optimism on April 30.
—
UPDATE
The inclusion of a new dependency shifted storage layout, causing… https://t.co/HSqC6Y1nF4
The attacker gained control over the output address in Pike Finance’s smart contract and redirected a vast amount of cryptocurrency to their own address. The hackers managed to drain $1.4 million worth of Ether (ETH), $150 thousand in Optimism (OP) tokens and over $100 thousand in Arbitrum (ARB) tokens.
Interestingly this exploit is on the heels of another breach that occurred on April 26 where Pike Finance experienced a loss of $300,000.
The root cause of exploits
In both attacks, the hackers took advantage of the same critical smart contract vulnerability, which gave the attacker a special right to override the capabilities of the contract.
The inclusion of a new dependency shifted the storage layout, causing misalignment. Attackers leveraged this to upgrade contracts, bypass admin access and easily withdraw funds.
Pike Finance to award a bounty
In response to the terrible incidents, Pike Finance initiated proactive initiatives by offering a 20% reward for the return of the funds or any valuable information that could contribute to the recovery of the funds. The protocol plans to conduct a thorough probe and reinforce its security mechanism to avoid such cases in the future.
Crypto Hack Trends of April
Alongside the case study of Pike Finance and its fellow DeFi projects, CertiK reported a deeper trend in the crypto world. In April, hacks and scams on cryptocurrencies dived to a three-year low level, with total loss ranging only to $25.7 million, the lowest monthly figure since January 2021.
This major decline of 141% compared to the previous month‘s value is attributed to the decrease in private key compromises, highlighting the role of security measures and more alertness in the crypto community.
While Pike Finance is still processing the negative consequences of the last two exploits, the crypto as a whole has got to address constantly changing threats, including the high demand for security measures in the rapidly expanding DeFi.
Read More
Pike Finance Hit With Second Attack in Three Days With Losses of $1.6 Million
The post Pike Finance Hit With Second Attack in Three Days With Losses of $1.6 Million appeared first on Coinpedia Fintech News
In an astounding turn of events, the decentralized finance (DeFi) lending protocol Pike Finance was a victim of a new exploit, leading to the loss of $1.68 million worth of digital assets. This is the second hack within three days, which has led to the undoing of the protocols and demonstrated the persisting vulnerabilities in the DeFi sector.
A report by Cyvers Alerts, a blockchain security and analytics firm, revealed that this hacker was able to exploit smart contract flaws on three different chains, Ethereum, Arbitrum, and Optimism on April 30.
—
The inclusion of a new dependency shifted storage layout, causing… https://t.co/HSqC6Y1nF4
The attacker gained control over the output address in Pike Finance’s smart contract and redirected a vast amount of cryptocurrency to their own address. The hackers managed to drain $1.4 million worth of Ether (ETH), $150 thousand in Optimism (OP) tokens and over $100 thousand in Arbitrum (ARB) tokens.
Interestingly this exploit is on the heels of another breach that occurred on April 26 where Pike Finance experienced a loss of $300,000.
The root cause of exploits
In both attacks, the hackers took advantage of the same critical smart contract vulnerability, which gave the attacker a special right to override the capabilities of the contract.
The inclusion of a new dependency shifted the storage layout, causing misalignment. Attackers leveraged this to upgrade contracts, bypass admin access and easily withdraw funds.
Pike Finance to award a bounty
In response to the terrible incidents, Pike Finance initiated proactive initiatives by offering a 20% reward for the return of the funds or any valuable information that could contribute to the recovery of the funds. The protocol plans to conduct a thorough probe and reinforce its security mechanism to avoid such cases in the future.
Crypto Hack Trends of April
Alongside the case study of Pike Finance and its fellow DeFi projects, CertiK reported a deeper trend in the crypto world. In April, hacks and scams on cryptocurrencies dived to a three-year low level, with total loss ranging only to $25.7 million, the lowest monthly figure since January 2021.
This major decline of 141% compared to the previous month‘s value is attributed to the decrease in private key compromises, highlighting the role of security measures and more alertness in the crypto community.
While Pike Finance is still processing the negative consequences of the last two exploits, the crypto as a whole has got to address constantly changing threats, including the high demand for security measures in the rapidly expanding DeFi.
Read More