Join 76,598 users and earn money for participation
read.cash is a platform where you could earn money (total earned by users so far: $ 548,388.89).
You could get tips for writing articles and comments, which are paid in Bitcoin Cash (BCH) cryptocurrency,
which can be spent on the Internet or converted to your local money.
Takes one minute, no documents required
Another Day... Another Hack: Someone left the Pickle jar open!
Another day... another hack! How safe is the DeFI world?
Looks like a DeFi pool is hacked every week, while other scams are lurking in the shadows. Pickle Finance is the newest name of projects which were hacked recently, joining Kucoin, Harvest Finance, Akropolis, Origin USD and other projects targeted by cyber attacks. Over $100 million were stolen from DeFi projects in 2020, with more than 50% happening since June. My knowledge about Pickle is limited, as I just seen the name in one of Harvest Finance's pools. Basically, Pickle Finance is focusing on providing an automatic solution for moving funds between various DeFi protocols in order to maximize the profits and rewards. The deposit of Compound is required for trading and arbitration.
Over $20 million worth of DAI were stolen from Pickle Finance on Saturday 21st of November, due to a code vulnerability. The exploit took advantage of the Dai pJar, which leverages Compound to harvest yield for DAI liquidity providers. The address used for the attack is 0x70178102AA04C5f0E54315aA958601eC9B7a4E08, and the stolen funds where not moved from there until Sunday.
Pickle Finance didn't explained how the exploit happened but the Pickle value dropped by 40% after the hack. Harvest Finance moved all DAI from pools into vaults, as a measure of precaution.
This cyber attack was not the usual a flash loan that exploited a vulnerability in the code, similar to what happened to Origin USD and Harvest Finance, but a corrupted contract that was used to fake legitimate contracts. The attacker created contract that mimicked the original contract, quickly exchanging fake cDAI with real cDai between the contracts.
This tsunami of DeFi hacks is a clear sign of how immature the ecosystem is and another example of new DeFi products that are not good enough, with no audits and low security. The $20 million from Pickle will join the millions stolen from Harvest Finance, Origin USD, Balancer, Akropolis, etc.