Pike DeFi Protocol Clarifies $1.6M Exploit Origins; Hack Losses Decrease in April
Summary:
Pike DeFi protocol has clarified its earlier statement regarding a $1.6 million exploit due to a vulnerability in its system, stating that it is not linked to any failures in USDC Coin's product offerings. The exploit was a result of security lapses in contract functions involving Cross-Chain Transfer Protocol. Pike also admitted the same vulnerability facilitated a breach on April 26 and April 30, with the latter draining $1.68 million across Ethereum, Arbitrum, and Optimism. Despite recurring crypto-related thefts, losses from hacks in April significantly decreased compared to February and March.
In a follow-up to its prior disclosure, the DeFi (Decentralized Finance) platform Pike clarified a previously reported vulnerability issue concerning USDC Coin (USDC). This comes after the platform fell prey to a $1.6 million exploit on April 30. On May 1, Pike issued an update dismissing the notion that the breach was connected to any deficiency in USDC’s products. They stated, “The exploit on the 26th of April, reported earlier, was tied to a preliminary vulnerability in USDC.” Nonetheless, Pike promptly amended its statement, declaring that the description they used failed to accurately portray the actual exploit.
The platform pointed out that the exploit had its roots in security lapses within its contract functions while processing transfers via the Cross-Chain Transfer Protocol (CCTP), a service from USDC issuer Circle. The exploit had, in fact, no connection to the efficacy of Circle’s offerings.
In an earlier update, Pike Finance revealed that the vulnerability that led to the initial April 26 hack had already been identified by its auditing partner, OtterSec, but its development team couldn't fix it in time. They confirmed, “A previous vulnerability, which was identified by our auditors OtterSec, was not rectified promptly by our developers.” Pike also stated that the exploit was the outcome of a flawed integration of the CCTP and services like Gravity Network's automation infrastructure, which resulted in the theft of $300,000 in digital assets.
Coincidentally, on April 30, an exploiter leveraged a loophole in Pike's smart contract to drain approximately $1.68 million across Ethereum, Arbitrum, and Optimism. This included $1.4 million in Ether (ETH), $150,000 in Optimism (OP), and roughly $100,000 in Arbitrum (ARB) tokens. Pike admitted that the exploits were a consequence of an identical smart contract vulnerability. The misalignment in the contract eventually permitted the thieves to evade admin restrictions and extract funds.
While crypto-related theft persists, data shows a significant drop in losses for April compared to the prior two months. On May 1, PeckShield reported that losses resulting from hacks in April dipped to a low of $60 million, a dramatic reduction from $360.8 million in February and $187.6 million in March.
Published At
5/2/2024 10:36:53 AM