Pike Finance exploited for $1.6M in second incident in 3 days
A smart contract vulnerability led to nearly $2 million worth of lost funds within three days on Pike Finance, which is offering a 20% reward for the stolen assets.
Pike Finance was exploited resulting in the loss of $1.68 million worth of digital assets. The incident marks the protocol’s second exploit in three days.
Decentralized finance (DeFi) lending protocol Pike Finance suffered a $1.68 million exploit across the Ethereum, Arbitrum and Optimism chains on April 30, according to a report from on-chain analytics firm CertiK, shared with Cointelegraph.
The attacker used a vulnerability in Pike Finance’s smart contract to change the output address, draining the contract of over $1.4 million worth of Ether (ETH), $150,000 worth of Optimism tokens, and over $100,000 worth of Arbitrum coins, according to CertiK.
Pike also suffered a $300,000 exploit on April 26.
The two attacks stemmed from the same smart contract vulnerability, which allowed the attacker to override the contract, according to a May 1 X post by Pike Finance:
“This misalignment caused the contract to behave as if it was uninitialized since the *initialized* variable could no longer be accessed. As a result, attackers were then able to upgrade the spoke contracts, bypassing admin access, and as a result, withdraw funds.”
Pike Finance is offering a 20% reward for the return of the funds or information leading to the recovery of the funds. The protocol will continue investigating the exploit.
Related: EigenLayer sees over 12,000 queued withdrawals — How far will TVL fall?
This is a developing story, and further information will be added as it becomes available.
Responses