A hacker has stolen nearly $20 million from DeFi protocol Pickle Finance, according to an official statement on Nov. 22.
- The hacker had drained 19,759,355 DAI from the pDAI PickleJar (forked versions of Yearn Finance vaults) on Nov. 21
- The team conducted a forensic analysis of the exploit, which they labelled as highly complex
- Shortly after the analysis, the team implemented a fix and provided an abridged version of the exploit’s post-mortem
- The attacker created two smart contracts to exploit the swap functions of the PickleJar’s Controller contract, eventually withdrawing DAI from the pDAI PickleJar
- In short, the attacker exploited several design flaws within the platform’s smart contracts
- This hack follows several that have occurred in the DeFi space in 2020, which hackers have targeted as investors have flocked to its high-yield programs
- Harvest Finance recently lost $24 million in a hack, the most high-profile case in recent months, and other victims include bZx and Balancer