A smart contract vulnerability in decentralized finance (DeFi) lending protocol Pike Finance led to $1.6 million in stolen funds over three days.
On April 30, Pike Finance suffered a $1.68 million exploit across the Ethereum, Arbitrum, and Optimism chains. This came to light following a report from on-chain analytics firm CertiK.
According to CertiK, the attacker exploited a vulnerability in Pike Finance’s smart contract to change the output address. This allowed them to drain the contract of over $1.4 million in Ethereum, $150,000 in Optimism tokens, and $100,000 in Arbitrum tokens.
This is the second event in a series of attacks; Pike also suffered a $300,000 exploit on April 26.
The two attacks stemmed from the same smart contract vulnerability, which allowed the attacker to override the contract. Pike took to X to explain the situation.
Attention Users:
On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH.
This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.
In order to pause the protocol, the spoke…
— Pike (@PikeFinance) May 1, 2024
In response, Pike has launched an investigation into the situation. They are offering a 20% reward, $336,000, for the return of the funds or information to aid in their recovery.
The community’s initial reaction to this news was complete outrage. Pike users were perplexed as to how the problem could have occurred, all the more so because the exploit was allowed to be used again after the initial attack.
Despite the overwhelming backlash, Pike was responsive in providing guidance to help protect users from further losses.
“Pike urges all users to revoke all approvals to prevent loss of funds. We recommend all users to review approvals immediately while we investigate.”
As the community backlash continued to escalate, Pike responded with an update on their progress.
“Users can now claim refund for their pre-sale deposits, we had temporarily fixed the issue, but we are still investigating.”
However, Pike’s current state is still up in the air as they suggest users “wait for next steps” to be announced on X.
Even though users have received refunds, there has been a shift in attitudes towards Pike. The slow response to the first attack enabled a second, putting its user base at risk.
Users have labeled them as an unsafe and untrustworthy platform, which has left a mark on their reputation.
Since 2021, cryptocurrency hacks have seen a major decline. April marks the lowest monthly total, with only $25.7 million lost.
Total losses from exploits and scams fell 141% from the previous month, mainly attributed to a lack of private key compromises. In March, there were 11 attacks against protocols via private key compromises, whereas in April, there were only three.
This is a clear indication of progress within the space, not only in security developments but in education. People are more aware of how to protect themselves from hacks and phishing attacks.
Despite the record-low month, crypto attacks remain a significant industry issue. Over $502 million worth of digital assets were stolen across 223 hacks and exploits during the first quarter of 2024, according to CertiK.
Pike has shed light on this issue, urging safe practices and caution from the community.
“Be on the lookout for scammers, impersonators and phishers during this volatile time. If you see posts mentioning a refund or airdrop – be sure to report the accounts responsible.”
The post Pike Finance Exploit Leads to $1.6M in Stolen Cryptocurrency appeared first on Cryptonews.