Pike Finance clarifies ‘USDC vulnerability’ statement on $1.6M exploit

Decentralized finance (DeFi) protocol Pike has clarified an earlier statement about a USD Coin (USDC) vulnerability it had disclosed. Pike’s initial account, which placed the vulnerability in USDC, did not accurately describe the incident, and the update provides more context about what happened. The clarification follows an exploit on April 30 that resulted in a loss of approximately $1.6 million.

On May 1, Pike stated that the exploit affecting its platform was linked to a USDC vulnerability, rather than to USDC’s product range itself.

“This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.”

Pike subsequently corrected that announcement, clarifying that the wording had not fully captured the nature of the incident.

Pike pointed out that the vulnerability stemmed from its own oversight in securing its contract functions while transferring funds using the Cross-Chain Transfer Protocol (CCTP) offered by USDC issuer Circle.

Pike explained that the underlying security issue has no connection to Circle’s product features.

In a prior statement, Pike Finance disclosed that its auditing partner had identified the weakness responsible for the initial attack on April 26, but that its team had been unable to rectify the issue in time.

“It is important to clarify that this vulnerability was previously identified by our auditing partner, OtterSec. Our developer team was unable to address the identified vulnerability in a timely manner.”

Pike attributed the vulnerability to its team’s inappropriate implementation of external tools, namely CCTP and Gelato Network’s automated services.

The initial attack led to the theft of $300,000 worth of digital assets.

On April 30, an attacker exploited a weakness in the protocol’s smart contract, stealing approximately $1.68 million worth of assets: $1.4 million in Ether (ETH), $150,000 in Optimism (OP) tokens, and around $100,000 in Arbitrum (ARB) tokens.

Both attacks stemmed from the same underlying issue in the smart contract. The protocol’s design inadvertently created a misalignment that, over time, allowed attackers to circumvent administrative controls and ultimately drain funds from the contract.
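As an added illustration of the class of flaw the article describes (an externally triggered fund-moving function, used in a CCTP or Gelato automation flow, that lacks caller restrictions and so sidesteps the protocol’s admin controls), here is a hypothetical Solidity sketch of an unguarded vault beside a guarded version. This is not Pike’s code and is not derived from its contracts; every contract, function and variable name is an assumption, and the interaction with CCTP or Gelato is abstracted into a single trusted `bridgeCaller` address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration, not Pike's code. A vault exposes an entry point
// meant to be triggered only by a trusted bridge/automation caller after funds
// arrive cross-chain. All names are assumptions.

contract UnguardedVault {
    address public admin;
    mapping(address => uint256) public credits;

    constructor() {
        admin = msg.sender;
    }

    // Intended for the automation service to call once a cross-chain transfer
    // lands, but no caller check exists: any address can credit any recipient,
    // which bypasses every admin-only control around fund movement.
    function creditFromBridge(address recipient, uint256 amount) external {
        credits[recipient] += amount;
    }

    function withdraw(uint256 amount) external {
        require(credits[msg.sender] >= amount, "insufficient credit");
        credits[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}

contract GuardedVault {
    address public admin;
    address public bridgeCaller; // only address allowed to credit balances
    bool public paused;
    mapping(address => uint256) public credits;

    event Credited(address indexed caller, address indexed recipient, uint256 amount);
    event BridgeCallerUpdated(address indexed previous, address indexed current);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    modifier onlyBridge() {
        require(msg.sender == bridgeCaller, "not bridge caller");
        _;
    }

    modifier whenNotPaused() {
        require(!paused, "paused");
        _;
    }

    constructor(address _bridgeCaller) {
        require(_bridgeCaller != address(0), "zero bridge caller");
        admin = msg.sender;
        bridgeCaller = _bridgeCaller;
    }

    // Rotating the trusted caller is itself admin-only and logged, so the
    // trust relationship cannot drift without an on-chain record.
    function setBridgeCaller(address newCaller) external onlyAdmin {
        require(newCaller != address(0), "zero bridge caller");
        emit BridgeCallerUpdated(bridgeCaller, newCaller);
        bridgeCaller = newCaller;
    }

    // Circuit breaker: lets the admin halt credits and withdrawals while an
    // audit finding is being fixed instead of leaving the path open.
    function setPaused(bool value) external onlyAdmin {
        paused = value;
    }

    // Same entry point, now restricted to the trusted caller, pausable, and
    // emitting an event that off-chain monitoring can alert on.
    function creditFromBridge(address recipient, uint256 amount)
        external
        onlyBridge
        whenNotPaused
    {
        credits[recipient] += amount;
        emit Credited(msg.sender, recipient, amount);
    }

    function withdraw(uint256 amount) external whenNotPaused {
        require(credits[msg.sender] >= amount, "insufficient credit");
        credits[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```

The guarded version addresses the two points the article raises: the caller of the bridge-triggered function is pinned to one admin-managed address, and a pause switch gives the team a way to close the path while a known finding is still unfixed. The `Credited` event records the caller, so a monitoring rule that compares emitted callers against the configured `bridgeCaller` can flag any drift in the trust relationship.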

Despite persistent security threats in the crypto sector, available data indicates a significant reduction in crypto-related hacking incidents and their associated financial losses in April compared with both February and March.

Reported losses from hacking incidents fell to approximately $60 million in April, a substantial drop from February’s record $360.8 million and March’s $187.6 million.

2024-05-02 10:52