Pike Finance admits to error following $1.7 million exploit, denies fault of USDC

cyptouser7 months agoCryptocurrencies News95
On May 1, DeFi protocol Pike Finance corrected its description of a recent exploit and said it was not caused by a USDC vulnerability, as previously stated.

According to the company’s latest statement:

“The term ‘USDC vulnerability’ was inaccurate for summarizing last week’s exploit.”

Instead, weaknesses in Pike’s contract functions, particularly issues related to the handling of transfers on Circle’s Cross-Chain Transfer Protocol (CCTP), allowed the incident to occur.

It added that the root cause of the exploit was unrelated to the “functionality and robustness” of Circle’s USDC enabled by CCTP or Gelato — a smart contract automation protocol.

Pike Finance originally admitted full responsibility in its explanation of the first April 26 attack, noting the exploit was a “consequence of the protocol [team’s] improper integration” of third-party technologies and that the responsibilities for certain checks lay “solely on Pike as an integrator.”

However, when retrospectively referring to the first attack following the April 30 incident, it misleadingly said it may have been related to a “USDC vulnerability.”

Each attack led to sizeable losses for Pike Finance.

The April 30 attack saw the theft of 99,970.48 ARB, 64,126 OP, and 479.39 ETH. The incident resulted in a loss of $1.7 million, according to Certik data.

The earlier April 26 attack involved the loss of 299,127 USDC on Ethereum, Arbitrum, and Optimism, according to Pike Finance statements.

Cause of each attack

The first attack on April 26 resulted from functions related to USDC transfers on CCTP as automated by Gelato. The vulnerability allowed attackers to change the receiver’s address and amounts, which Pike Finance processed as valid due to its improper integration of the features.

Pike Finance said that its auditing partner, OtterSec, informed it of the issue. The protocol added that it was unable to address the vulnerability before the attack.

The second attack occurred after Pike Finance upgraded its spoke contracts to pause the network. The update ultimately caused the contract to behave as if it were uninitialized, allowing attackers to upgrade the contract, bypass admin access, and withdraw funds.

Pike Finance is one of many DeFi projects that have fallen victim to exploits. However, April showed reduced losses from scams and exploits, according to recent reports.

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Memecoins are a ‘cornerstone’ of crypto: Galaxy’s Novogratz

Memecoins are a ‘cornerstone’ of crypto: Galaxy’s Novogratz

55966e89˃Galaxy Digital CEO Michael Novogratz has reiterated his support for memecoins, calling it a...

Crypto firm backed by real-world assets plans to go public this year

Crypto firm backed by real-world assets plans to go public this year

55966e89˃New York-based blockchain tech company Unicoin is aiming for a public stock listing and the...

Open sourcing lets developers explore beyond initial ideas: Trust Wallet

Open sourcing lets developers explore beyond initial ideas: Trust Wallet

55966e89˃Trust Wallet's head of engineering, Luis Ocegueda, shared the idea behind open-sourcing its...

ByBit to launch Notcoin trading and withdrawals next week

ByBit to launch Notcoin trading and withdrawals next week

55966e89˃Notcoin (NOT), a play-to-earn game and token integrated as a mini-app on Telegram, is trend...

Binance ends Nigerian Naira services amid government crackdown

Crypto exchange Binance said it would discontinue all services associated with the Nigerian local fi...

Judge signals likely continuation of SEC lawsuit against Kraken

A federal judge in California indicated that he is inclined to let the US Securities and Exchange Co...