DeFi lender Pike Finance loses $1.9M to two hacks in less than a week

Pike Finance has been Hacked for the second time in four days, with losses across the two incidents totaling approximately $1.9 million.

In response to the first hack, on April 26, the team immediately paused the protocol. However, this opened up a new vulnerability that was exploited between 21:45 and 22:20 (UTC) on April 30.

Crypto security firm Ancilia quickly identified three malicious transactions on the Optimism, Arbitrum, and Ethereum networks. Ancilia states the attacker was able to ‘upgrade’ and take control of the Pike Finance contracts, which allowed them to withdraw the funds held within.

The stolen assets were swapped to ETH and consolidated in the attacker’s Ethereum address before being deposited into privacy protocol Railgun.

Read more: Hackers switching to centralized exchanges to fund crypto attacks

The hack was acknowledged by the Pike team on X (formerly Twitter). The post put the losses at approximately 64k OP ($150,000), 100k ARB ($105,000), and 480 ETH ($1.4 million) and admitted that the hack was related to the previous incident.

The last time Pike Finance was Hacked (three days ago), it suffered losses of around $300,000 worth of the USDC stablecoin. The resulting funds were swapped for ETH and transferred to the crypto-mixing service Tornado Cash.

According to the earlier incident’s post-mortem report, the protocol was paused to prevent any further losses while the incident was investigated. The report also admits that the vulnerability had been reported by auditors OtterSec, but that the Pike team “was unable to address the identified vulnerability in a timely manner.”

However, as described in today’s response to the second hack, pausing the contracts inadvertently introduced “an additional dependency within the smart contract code.” This led to a “misalignment in storage mapping” which the attacker could take advantage of, reinitializing the contract and assuming full control.

Pike Finance has offered a 20% bounty for the return of the funds and has promised to provide a “plan to make users whole.”

The community’s opinions on this response can be seen in the Pike Finance Discord.

Read more: Tornado Cash funds ‘at risk’ after hacker injects malicious code

After being hit twice in a row, users are understandably upset, and some have suggested that Pike Finance refund pre-sale investments.

This in itself has, predictably, opened up another potential attack vector as scam replies (impersonating the Pike Finance account) promise a refund to victims as part of a common phishing technique.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

Comments

Post a Comment

Popular posts from this blog

Japan’s largest banks team up to bring stablecoins to Cosmos

TOKI, a cross-chain bridge provider and partner of Progmat, will be working with Noble, a token issuance protocol, to bring fully collateralized Japanese stablecoins to the Cosmos ecosystem. Progmat is a project launched by Mitsubishi UFJ Trust and Banking (MUFG) — the largest bank in Japan, and has the support of over 200 Japanese companies including major banks such as SMBC and Mizuho. The Japan Exchange Group (JPX) is also involved in the project.  Motoki Yoshida, marketing manager of TOKI, told Blockworks that Progmat is currently building a platform that will enable banks and regulated financial institutions to issue their own stablecoin s. “The basic architecture involves financial institutions interested in issuing stablecoins depositing an equivalent amount of fiat currency with MUFG’s trust bank. Progmat then issues an equivalent amount of stablecoins. The funds in the trust bank are bankruptcy-remote, making this potentially the most secure stablecoin for use on public
Read more

The last Bitcoin: What will happen once all BTC are mined?

Image
According to some experts, miners will always be essential to the Bitcoin ecosystem, even after mining the last coins. Satoshi Nakamoto mined the genesis block on Jan. 3, 2009, minting the first 50 Bitcoin (BTC) in history and kicking off what would become a billion-dollar industry centered around mining crypto. However, with a cap on Bitcoin supply, the fate of miners after the last coins are issued is unclear.  Bitcoin is created through mining, a process involving computer hardware to solve complex mathematical problems and verify transactions on the blockchain network. For their efforts, miners are rewarded with a predeter mined amount of BTC for each block of transactions. According to the Blockchain Council, more than 19 million BTC has been awarded to miners in block rewards, and according to Nakamoto’s white paper, only 21 million are available. Once this cap is reached, miners will no longer receive rewards for verifying transactions. Speaking to Cointelegraph, Nick Hansen,
Read more

FLOKI launches real-world asset tokenization platform TokenFi, token surges 29.01%

FLOKI token price has surged by 29.01% surge in the last 24 hours. The price gain is attributed to the launch of TokenFi, a real-world asset tokenization platform. TokenFi empowers users to tokenize real-world assets without coding skills. In a significant move that is reverberating through the cryptocurrency world, the FLOKI token has experienced a remarkable 29.01% surge in its price over the past 24 hours. This sudden boost in value is directly attributed to the launch of TokenFi, a novel platform dedicated to real-world asset (RWA) tokenization. TokenFi, introduced by the Floki development team, marks a pivotal shift for the once-meme coin project, positioning it as a formidable contender in the decentralized finance (DeFi) ecosystem. Revolutionizing RWA tokenization using TokenFi TokenFi is designed to facilitate the tokenization of real-world asset s without requiring users to possess coding skills. FLOKI LAUNCHES TOKENFI (with "TOKEN"
Read more