More

    Second Exploit in 3 Days: Pike Finance Loses $1.6M


    Key takeaways:

    • Pike Finance was breached, leading to the loss of digital assets valued at $1.68 million.
    • For the return of the funds or information that helps recover the funds, Pike Finance is offering a 20% incentive.

    Pike Finance was breached, leading to the loss of digital assets valued at $1.68 million. This is the second protocol to be exploited in three days, according to the incident.

    On April 30, a $1.68 million vulnerability affecting the Ethereum, Arbitrum, and Optimism chains affected the Decentralized Finance (DeFi) lending protocol Pike Finance, according to a study by on-chain analytics company CertiK.

    According to CertiK, the attacker emptied the contract of over $1.4 million worth of Ether, $150,000 worth of Optimism (OP) tokens, and over $100,000 worth of Arbitrum (ARB) tokens by changing the output address of Pike Finance’s smart contract. On April 26, Pike was the victim of a $300,000 scam as well.

    According to a May 1 X post by Pike Finance, the two assaults were caused by the same smart contract vulnerability that gave the attacker the opportunity to override the contract:

    “This misalignment caused the contract to behave as if it was uninitialized since the *initialized* variable could no longer be accessed. As a result, attackers were then able to upgrade the spoke contracts, bypassing admin access, and as a result, withdraw funds.”

    For the return of the funds or information that helps recover the funds, Pike Finance is offering a 20% incentive. The exploit will be looked into further by the protocol.

    After a few hours of the first X post, Pike Finance made another post mentioning that the exploit occurred due to “weak security” measures in their contract functions when handling CCTP transfers. 

    Recently, Yield Protocol, the defunct decentralized finance (DeFi) lending network, took yet another hit in April 2024 when hackers took advantage of a flaw in its smart contracts. 

    This is despite the platform ceasing operations in December 2023 due to regulatory pressures and a lack of demand. The hack, which was directed at Yield’s contracts on the Arbitrum blockchain, caused the crypto assets to be stolen for about $181,000 in total.





    Source link

    Stay in the Loop

    Get the daily email from CryptoNews that makes reading the news actually enjoyable. Join our mailing list to stay in the loop to stay informed, for free.

    Latest stories

    - Advertisement -

    You might also like...