Pike Finance exploited for $1.6M in second incident in 3 days

As a seasoned crypto investor with a few scars on my investment journey, I can’t help but feel a pang of sadness and frustration upon reading about yet another DeFi protocol exploit. Pike Finance’s latest incident, resulting in the loss of over $1.68 million worth of digital assets across Ethereum, Arbitrum, and Optimism chains, is particularly disheartening.


Over the past few days, Pike Finance has suffered two separate incidents of exploitation, leading to a total loss of approximately $1.68 million in digital assets.

According to a report from CertiK, an on-line analytics firm, Decentralized Finance (DeFi) lending protocol Pike Finance experienced a $1.68 million exploit on April 30th, affecting the Ethereum, Arbitrum, and Optimism blockchain networks.

As a security analyst, I’ve uncovered that an attacker exploited a weakness in Pike Finance’s smart contract, enabling them to alter the designated output address. This manipulation resulted in the theft of approximately $1.4 million in Ether (ETH), $150,000 in Optimism tokens, and over $100,000 in Arbitrum coins, according to CertiK’s assessment.

 Pike also suffered a $300,000 exploit on April 26.

Pike Finance exploited for $1.6M in second incident in 3 days

According to a May 1st post on Pike Finance’s X dao, the two assaults originated from the same weakness in the smart contract. This weakness enabled the hacker to manipulate the contract.

“This misalignment caused the contract to behave as if it was uninitialized since the *initialized* variable could no longer be accessed. As a result, attackers were then able to upgrade the spoke contracts, bypassing admin access, and as a result, withdraw funds.”

Pike Finance is providing a 20% incentive for anyone who helps recover the missing funds or provides valuable information regarding their location. Meanwhile, the protocol will persist in its investigation into the exploit.

This is a developing story, and further information will be added as it becomes available.

Read More

2024-05-01 13:20