Pike Finance Exploit Leads to $1.6M in Stolen Cryptocurrency

cryptonews.com:

Decentralized finance (DeFi) lending protocol Pike Finance smart contract vulnerability led to $1.6 million in stolen funds over three days.

On April 30, Pike Finance suffered a $1.68 million exploit across the Ethereum, Arbitrum, and Optimism chains. This came to light following a report from on-chain analytics firm CertiK.

According to CertiK, the attacker exploited a vulnerability in Pike Finance’s smart contract to change the output address. This allowed them to drain the contract of over $1.4 million in Ethereum, $150,000 in Optimism tokens, and $100,000 in Arbitrum tokens.

This is the second event in a series of attacks, Pike also suffered a $300,000 exploit on April 26.

The two attacks stemmed from the same smart contract vulnerability, which allowed the attacker to override the contract. Pike took to X to explain the situation.

Attention Users:

On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH.

This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.

In order to pause the protocol, the spoke…

— Pike (@PikeFinance) May 1, 2024

In response, Pike has launched an investigation into the situation. They are offering a 20% reward, $336,000, for the return of the funds or information to aid in its recovery. 

The community’s initial reaction to this news was complete outrage. Pike users were perplexed as to how the problem could have occurred. More so because, following the initial attack, the exploit was allowed to be used again.

Despite the overwhelming backlash, Pike was responsive in providing guidance to help protect users from further losses.

“Pike urges all users to revoke all approvals to prevent loss of