Pickle Finance, the popular DeFi project, just got hacked out of $20 million as the platform announced hours ago so let’s find out more in today’s altcoin news.
Pickle finance announced that the funds deposited in one of the smart contracts were stolen by a hacker and now the team started investigating how the hacker stole about $20 million in funds. Their wallet is “Dormant” and hasn’t started the “money laundering process” which tends to follow every hack. If a hack was not enough, Pickle Finance’s token crashed moments after and lost about 58% of its value in a few hours.
Whoever attacked the protocol stole the funds from the DAI PickleJar which contained CDAI tokens that were issued by Compound when Pickle Finance deposited them in the protocol. The platform was focused on providing an automatic solution for moving the funds between various DeFi protocols in order to maximize the profits so they required depositing the funds in Compound as a “common ground” for trading and arbitration. The attack of the DeFi protocol is not following the flash loan M.O which the hackers are using most of the time in order to exploit vulnerabilities.
We’re encouraging all LPs to withdraw their funds from the Jars until the issues have been resolved.
— Pickle Finance 🥒 (@picklefinance) November 21, 2020
In the recent hack, the attacker created a malicious contract and used it to interact with legitimate contracts. The co-founder of DeFi Italia, Emiliano Bonassi, described a possible way that the hacker managed to steal the $20 million which was by creating “Bad jars” or contracts that had a similar interface of the “good jars” but they were programmed differently. The attacker exchanged funds between the bad and the good jars and managed to steal $20 million.
“The are sensible ops executed in that method (e.g. approve, withdraw etc). pic.twitter.com/29RNkF4vJb
— Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 21, 2020”
The process according to Bonassi was quite complex but he found it strange that the hacker didn’t rely on Flash loans. The recent hacks could be a sign of how immature the entire ecosystem is and why some argue that DeFi is not competition for the more stable and traditional centralized finance protocols. The recent cases of attacked protocols include Harvest Finance, Akropolis, Value DeFi, and Balancer. All of them caused millions of dollars in loss and many of them didn’t have the chance to get their money back because of the decentralized nature of the projects.
Hacks are becoming more popular and the quality of DeFi protocols with the number of new products is improving.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post