An attacker withdrew about $19.76 million from one of the Pickle Finance protocol’s smart contracts.
Source: Etherscan.
The project token fell about 57%—from $22.75 to $9.72 at the time of writing (CoinGecko).
Source: CoinGecko.
The Pickle Finance team said it is “actively investigating” the incident and urged users to withdraw funds from the Jar storages.
There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates.
— Pickle Finance 🥒 (@picklefinance) November 21, 2020
Co-founder of DeFi Italy Emiliano Bonassi noted that the hacker did not use flash loans as in most similar attacks. The attacker created a malicious storage and, through fake swaps, drained about $20 million from deposits in the Compound DAI (cDAI) stablecoin.
Evil jars deployed during the attack and passed in the swapExactJarForJar, investigating more on thishttps://t.co/szRloiecV8https://t.co/l2xT4zhQB1
The are sensible ops executed in that method (e.g. approve, withdraw etc). pic.twitter.com/29RNkF4vJb
— Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 21, 2020
According to Bonassi, the hack was extremely sophisticated and well-orchestrated.
Earlier the hacker withdrew from the Value DeFi project about $6 million in DAI and USDC stablecoins, using flash loans.
Follow ForkLog News on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.