News

Hackers Paradise: Yet Another Defi Protocol Exploited for Nearly $20 Million in DAI

Decentralized finance (defi) protocol Pickle Finance was hacked for $19.7 million of the stablecoin DAI over the weekend, as the defi industry appears to be turning into a hackers paradise.

Pickle’s native token (PICKLE) plunged 62% on the news, falling from $23.27 to $8.70 when the hack was first reported on Nov. 21. At the time of writing, the token has since rebound 29% in 24 hours to $18.51, according to Coingecko data.

This is the fourth hack to hit the defi space in just two weeks. Akropolis, Value Defi and Origin protocol were exploited for a combined total of $15.7 million in flash loan attacks.

Pickle Finance is a yield aggregation service that rewards users who provide liquidity to its various pools of stablecoins with interest and token disbursements in ether, other stablecoins or its native digital asset PICKLE.

It is not clear whether Pickle Finance suffered a flash loan attack, but management admitted in a blog post that “this was a very complicated attack and involved many components of the Pickle protocol.” It took the protocol’s dev team of 10 people more than four hours to figure it out.

The hacker targeted Pickle Finance’s DAI pjar product, a concept akin to yearn.finance’s vaults, and drained 19,759,355 of the U.S.-dollar-pegged stablecoin DAI. This specific jar harvests yield from DAI deposits made via the decentralized lending protocol Compound.

Cyber-security expert Dmytro Volkov told news.Bitcoin.com that the defi hacking frenzy was a result of hurried project development.

“Most of the defi projects’ hacks are based on vulnerabilities connected to errors in the source code. Errors in applications occur for various reasons, and it is errors that cause vulnerabilities and subsequent hacks of these applications,” said Volkov, who is also chief technology officer at crypto exchange CEX.IO .

“Cybercriminals look for errors in the defi protocols and exploit them for their own ends. As defi projects become more popular and the greater the amount of capital that flows through them grows, the more this field will attract hackers, and the more hacks there will be,” he added.

Pickle Finance said in a Nov. 24 tweet that it has a “small chance” of recovering the stolen money.

What do you think of defi industry’s latest hack? Let us know in the comments section below.

Tags in this story
Akropolis, CEX.io, Decentralized finance (Defi), Defi exploit, Dmytro Volkov, Flash loan attack, Origin Protocol, Pickle Finance, Value Defi

Image Credits: Shutterstock, Pixabay, Wiki Commons

Purchase Bitcoin without visiting a cryptocurrency exchange. Buy BTC and BCH here.

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Read disclaimer
Show comments