Pike Finance exploited for $1.6M in second incident in 3 days
Pike Finance was exploited resulting in the loss of $1.68 million worth of digital assets. The incident marks the protocol’s second exploit in three days.
Decentralized finance (DeFi) lending protocol Pike Finance suffered a $1.68 million exploit across the Ethereum, Arbitrum and Optimism chains on April 30, according to a report from on-chain analytics firm CertiK, shared with Cointelegraph.
The attacker used a vulnerability in Pike Finance’s smart contract to change the output address, draining the contract of over $1.4 million worth of Ether (ETH), $150,000 worth of Optimism tokens, and over $100,000 worth of Arbitrum coins, according to CertiK.
Pike also suffered a $300,000 exploit on April 26.
The two attacks stemmed from the same smart contract vulnerability, which allowed the attacker to override the contract, according to a May 1 X post by Pike Finance:
“This misalignment caused the contract to behave as if it was uninitialized since the *initialized* variable could no longer be accessed. As a result, attackers were then able to upgrade the spoke contracts, bypassing admin access, and as a result, withdraw funds.”
Pike Finance is offering a 20% reward for the return of the funds or information leading to the recovery of the funds. The protocol will continue investigating the exploit.
Related: EigenLayer sees over 12,000 queued withdrawals — How far will TVL fall?
Crypto hacks fell to a three-year low in April
Only $25.7 million was lost to cryptocurrency hacks and scams during the month of April, which is the lowest monthly amount since 2021, according to an April 30 report from CertiK seen by Cointelegraph.
Total losses from exploits and scams fell 141% over the previous month, mainly attributed to a lack of private key compromises. In March, there were 11 attacks against protocols via private key compromises, whereas in April, there were only three.
Despite the record-low month, crypto attacks remain a significant industry thread. Over $502 million worth of digital assets were stolen across 223 hacks and exploits during the first quarter of 2024 according to the Hack3d report by CertiK.
This represents a 54% increase compared to the first quarter of 2023, which saw a total of $326 million worth of funds stolen.
Related: Lido Finance hits 1M validators, fueling the growth of DeFi
