Pike Finance Loses Nearly $2 Million in Two Attacks

On April 30th, attackers targeted the DeFi protocol Pike Finance, extracting 99,970 ARB, 64,126 OP, and 479 ETH, amounting to approximately $1.68 million.

Attention Users:

On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH.

This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.

In order to pause the protocol, the spoke…

— Pike (@PikeFinance) May 1, 2024

Days before the incident, on April 26th, hackers exploited another vulnerability, stealing approximately $300,000 in USDC.

According to Pike developers, a flaw in the initializing smart contract allowed criminals to bypass the peripheral security system without admin access, resulting in the theft of funds.

The protocol team has offered a 20% reward of the stolen assets for their return or information about the perpetrator.

Commenting on the first incident, the company noted that the vulnerability was linked to weak security measures in the USDC transfer management system via the CCTP protocol.

“Insufficient protection allowed attackers to manipulate the recipient address and amounts processed by the Pike protocol as valid,” states the report.

The protocol’s operations at the smart contract level have been temporarily suspended. The project team has initiated an investigation in collaboration with several cross-chain protocols and Binance.

Earlier in April, the cryptocurrency exchange FixedFloat suffered its second attack of the year, with losses amounting to at least $2.8 million. The attack was carried out by the same group behind the February 16th breach.

According to CertiK, the past month saw the lowest monthly losses from various cybercrimes in the cryptocurrency market since the company began monitoring in 2021. In total, projects lost around $25.7 million—a 141% decrease from March.