{"id":13126,"date":"2024-05-01T16:23:08","date_gmt":"2024-05-01T13:23:08","guid":{"rendered":"https:\/\/forklog.com\/en\/pike-finance-loses-nearly-2-million-in-two-attacks\/"},"modified":"2024-05-01T16:23:08","modified_gmt":"2024-05-01T13:23:08","slug":"pike-finance-loses-nearly-2-million-in-two-attacks","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/pike-finance-loses-nearly-2-million-in-two-attacks\/","title":{"rendered":"Pike Finance Loses Nearly $2 Million in Two Attacks"},"content":{"rendered":"<p>On April 30th, attackers targeted the DeFi protocol Pike Finance, extracting 99,970 ARB, 64,126 OP, and 479 ETH, amounting to approximately $1.68 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Attention Users:<\/p>\n<p>On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH.<\/p>\n<p>This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.<\/p>\n<p>In order to pause the protocol, the spoke\u2026<\/p>\n<p>\u2014 Pike (@PikeFinance) <a href=\"https:\/\/twitter.com\/PikeFinance\/status\/1785572875124330644?ref_src=twsrc%5Etfw\">May 1, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Days before the incident, on April 26th, hackers exploited another vulnerability, stealing approximately $300,000 in USDC.<\/p>\n<p>According to Pike developers, a flaw in the initializing smart contract allowed criminals to bypass the peripheral security system without admin access, resulting in the theft of funds.<\/p>\n<p>The protocol team has offered a 20% reward of the stolen assets for their return or information about the perpetrator.<\/p>\n<p>Commenting on the first incident, the company noted that the vulnerability was linked to weak security measures in the USDC transfer management system via the CCTP protocol.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cInsufficient protection allowed attackers to manipulate the recipient address and amounts processed by the Pike protocol as valid,\u201d states the <a href=\"https:\/\/mirror.xyz\/pikefinance.eth\/M1ToE42vwEHuE6xlz0dVRQwPT0xpaRtpIIw2arOdBAM\">report<\/a>.<\/p>\n<\/blockquote>\n<p>The protocol&#8217;s operations at the smart contract level have been temporarily suspended. The project team has initiated an investigation in collaboration with several cross-chain protocols and Binance.<\/p>\n<p>Earlier in April, the cryptocurrency exchange FixedFloat <a href=\"https:\/\/forklog.com\/en\/news\/fixedfloat-suffers-2-8-million-loss-in-second-hack-of-the-year\">suffered<\/a> its second attack of the year, with losses amounting to at least $2.8 million. The attack was carried out by the same group behind the <a href=\"https:\/\/forklog.com\/en\/news\/fixedfloat-cryptocurrency-exchange-hacked-for-26-million\">February 16th breach<\/a>.<\/p>\n<p>According to CertiK, the past month saw the lowest monthly losses from various cybercrimes in the cryptocurrency market since the company began monitoring in 2021. In total, projects lost <a href=\"https:\/\/forklog.com\/en\/news\/certik-reports-record-low-cryptocurrency-losses-in-april\">around $25.7 million<\/a>\u2014a 141% decrease from March.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On April 30th, attackers targeted the DeFi protocol Pike Finance, extracting 99,970 ARB, 64,126 OP, and 479 ETH, amounting to approximately $1.68 million. Attention Users: On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH. This exploit is related to the initial USDC vulnerability that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13125,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44],"class_list":["post-13126","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"25","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=13126"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13126\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/13125"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=13126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=13126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=13126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}