Another Day... Another Hack: Someone left the Pickle jar open!

3 63

Another day... another hack! How safe is the DeFI world?

Looks like a DeFi pool is hacked every week, while other scams are lurking in the shadows. Pickle Finance is the newest name of projects which were hacked recently, joining Kucoin, Harvest Finance, Akropolis, Origin USD and other projects targeted by cyber attacks. Over $100 million were stolen from DeFi projects in 2020, with more than 50% happening since June. My knowledge about Pickle is limited, as I just seen the name in one of Harvest Finance's pools. Basically, Pickle Finance is focusing on providing an automatic solution for moving funds between various DeFi protocols in order to maximize the profits and rewards. The deposit of Compound is required for trading and arbitration.

Over $20 million worth of DAI were stolen from Pickle Finance on Saturday 21st of November, due to a code vulnerability. The exploit took advantage of the Dai pJar, which leverages Compound to harvest yield for DAI liquidity providers. The address used for the attack is 0x70178102AA04C5f0E54315aA958601eC9B7a4E08, and the stolen funds where not moved from there until Sunday.

Pickle Finance didn't explained how the exploit happened but the Pickle value dropped by 40% after the hack. Harvest Finance moved all DAI from pools into vaults, as a measure of precaution.

This cyber attack was not the usual a flash loan that exploited a vulnerability in the code, similar to what happened to Origin USD and Harvest Finance, but a corrupted contract that was used to fake legitimate contracts. The attacker created contract that mimicked the original contract, quickly exchanging fake cDAI with real cDai between the contracts. 

This tsunami of DeFi hacks is a clear sign of how immature the ecosystem is and another example of new DeFi products that are not good enough, with no audits and low security. The $20 million from Pickle will join the millions stolen from Harvest Finance, Origin USD, Balancer, Akropolis, etc. 

 

Links and referrals:

$100 millions stolen from DeFi in 2020

Pickle got hacked

Join the CakeDeFi revolution and get $30 worth of DeFiChain (DFI)

Coinbase EarnBANDCOMPOrchid &   EOS

Amazon author page: PV Mihalache

Quality Faucets: Free-Litecoin.com (LITECOIN)

Stakecube (20 daily faucets)

Tier 4 referral system: Horizen (ZEN) & ZCash from PipeFlare GlobalHive

FreeCryptos GangDASH, TRX, ETH, ADABNBLINKNEOBTC LTC

Coinpot Gang: DASHBCHDOGELTCBTCBTC2BTC3 & BTC4

I earn crypto for reading and writing on Publish0x and ReadCash, watching videos on Lbry.tv and surfing online on Brave Browser and Presearch. I use Swapzone for the lowest fee swaps

5
$ 2.17
$ 2.17 from @TheRandomRewarder
Sponsors of PVMihalache
empty
empty
empty

Comments

Another day, another hack. So strange the crypto-world.

$ 0.00
3 years ago

But Pickle is funny

$ 0.00
3 years ago

But what actually is this Pickle?

$ 0.00
3 years ago