Another Day... Another Hack: Pickle Finance got robbed

Another Day... Another Hack: Pickle Finance got robbed

By PVMihalache | Mind Puzzle | 25 Nov 2020


Another day... another hack!

aadd21579a862a201c2139f72d61e0943d5edead4ae9857dc1ee41d16a32f3fe.jpeg

Looks like a DeFi pool is happening every week, while other scams are lurking in the shadows. Pickle Finance is the newest name of projects which were hacked recently, joining Kucoin, Harvest Finance, Akropolis, Origin USD and other projects targeted by cyber attacks. Over $100 million were stolen from DeFi projects in 2020, with more than 50% happening since June. My knowledge about Pickle is limited, as I just seen the name in one of Harvest Finance's pools. Basically, Pickle Finance is focusing on providing an automatic solution for moving funds between various DeFi protocols in order to maximize the profits and rewards. The deposit of Compound is required for trading and arbitration.

Over $20 million worth of DAI were stolen from Pickle Finance on Saturday 21st of November, due to a code vulnerability. The exploit took advantage of the Dai pJar, which leverages Compound to harvest yield for DAI liquidity providers. The address used for the attack is 0x70178102AA04C5f0E54315aA958601eC9B7a4E08, and the stolen funds where not moved from there until Sunday.

Pickle Finance didn't explained how the exploit happened but the Pickle value dropped by 40% after the hack. Harvest Finance moved all DAI from pools into vaults, as a measure of precaution.

This cyber attack was not the usual a flash loan that exploited a vulnerability in the code, similar to what happened to Origin USD and Harvest Finance, but a corrupted contract that was used to fake legitimate contracts. The attacker created contract that mimicked the original contract, quickly exchanging fake cDAI with real cDai between the contracts. 

a44b8069994f4ea231174d65d1e02a27374d52ac1743634fa90d03b6c00e2a03.jpeg

This tsunami of DeFi hacks is a clear sign of how immature the ecosystem is and another example of new DeFi products that are not good enough, with no audits and low security. The $20 million from Pickle will join the millions stolen from Harvest Finance, Origin USD, Balancer, Akropolis, etc. 

 

Links and referrals:

$100 millions stolen from DeFi in 2020

Pickle got hacked

Coinbase Earn - Up to $59 Compound (COMP)

Coinbase Earn - Up to $52 worth of Orchid (OXT)

Coinbase Earn - Up to $50 worth of EOS

I used Swapzone for the lowest fee swaps

Amazon author page: PV Mihalache

Quality Faucets: Free-Litecoin.com (LITECOIN)

Stakecube (20 daily faucets)

Tier 4 referral system: Horizen (ZEN) & ZCash from PipeFlare GlobalHive

FreeCryptos GangDASH, TRX, ETH, ADABNBLINKNEO & BTC

Coinpot Gang: DASHBCHDOGELTCBTC BTC2

I earn crypto for reading and writing on Publish0x and ReadCash, watching videos on Lbry.tv and surfing online on Brave Browser and Presearch

928bcfa8a88d3b962e756a0d6cd067665949eb5b3656bdbb2bb7198e8ca6a0ba.jpeg

How do you rate this article?


78

0

PVMihalache
PVMihalache

Self-Published Author, Football Referee, Football Coach, Early Crypto Investor, Personal Trainer, Well-Being Guru, Open-Minded, Traveller, Social Media Enthusiast, and many more...


Mind Puzzle
Mind Puzzle

Think! ... it's still free! An amalgam of cryptocurrency, science, arts, news and other manifestations of human intellectual will be published on this blog. Sometimes I will add my personal opinions or midnight revelations

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.