Pike Finance admits to error following $1.7 million exploit, denies fault of USDC

On May 1, DeFi protocol Pike Finance corrected its description of a recent exploit and said it was not caused by a USDC vulnerability, as previously stated.

According to the company’s latest statement:

“The term ‘USDC vulnerability’ was inaccurate for summarizing last week’s exploit.”

Instead, weaknesses in Pike’s contract functions, particularly issues related to the handling of transfers on Circle’s Cross-Chain Transfer Protocol (CCTP), allowed the incident to occur.

How To Get Free Crypto  

It added that the root cause of the exploit was unrelated to the “functionality and robustness” of Circle’s USDC enabled by CCTP or Gelato — a smart contract automation protocol.

Pike Finance originally admitted full responsibility in its explanation of the first April 26 attack, noting the exploit was a “consequence of the protocol [team’s] improper integration” of third-party technologies and that the responsibilities for certain checks lay “solely on Pike as an integrator.”

However, when retrospectively referring to the first attack following the April 30 incident, it misleadingly said it may have been related to a “USDC vulnerability.”

Each attack led to sizeable losses for Pike Finance.

The April 30 attack saw the theft of 99,970.48 ARB, 64,126 OP, and 479.39 ETH. The incident resulted in a loss of $1.7 million, according to Certik data.

Coinbase Banner  

The earlier April 26 attack involved the loss of 299,127 USDC on Ethereum, Arbitrum, and Optimism, according to Pike Finance statements.

Cause of each attack

The first attack on April 26 resulted from functions related to USDC transfers on CCTP as automated by Gelato. The vulnerability allowed attackers to change the receiver’s address and amounts, which Pike Finance processed as valid due to its improper integration of the features.

Pike Finance said that its auditing partner, OtterSec, informed it of the issue. The protocol added that it was unable to address the vulnerability before the attack.

The second attack occurred after Pike Finance upgraded its spoke contracts to pause the network. The update ultimately caused the contract to behave as if it were uninitialized, allowing attackers to upgrade the contract, bypass admin access, and withdraw funds.

FreeBitcoin Banner  

Pike Finance is one of many DeFi projects that have fallen victim to exploits. However, April showed reduced losses from scams and exploits, according to recent reports.

Posted In: US, Hacks

Go to Source
Author: Mike Dalton

Recommended Crypto Services, Products and Strategies:

The first thing any crypto investor needs is is a reliable and secure Crypto Wallet.  Whether you’re looking for an online wallet, hardware wallet, desktop or mobile wallet, Crypto Renegade provides you with all the Best Crypto Wallets in each category.

Best Crypto Wallets Banner

When you’re ready to buy more crypto, or exchange your coins for others, Crypto Renegade’s list of the Best Crypto Exchanges has you covered.  The Crypto Exchanges recommended here offer everything from simplicity and convenience to advanced trading platforms and profit sharing. 

Best Crypto Exchanges Banner

If you want to learn more about the methods and tools that can be used to find Great Crypto Projects, then be sure to check out Crypto Renegade’s strategy for How To Find The Best Cryptocurrency.

Crypto Strategy Banner

For those people that don’t have any money to invest right now, or just want to understand the technology a bit more, you’ll definitely want to check out Crypto Renegade’s Free Crypto Strategy and start collecting Free Coins today!

Free Crypto Banner

What do you think about cryptocurrency? Do you have any questions about it? Be sure to leave a comment below.

You May Also Like

More From Author

This site uses Akismet to reduce spam. Learn how your comment data is processed.