Pickle Finance announced that its DeFi protocol was hacked and attackers drained $19.7 million worth of DAI stablecoin from a Pickle wallet.
Shortly after the security breach and the loss of nearly $20 million in DAI, Pickle’s administrators engaged cybersecurity specialists to tackle the situation. The team's first step was to reverse-engineer the transaction and see whether they could write code to replicate the attack. After several hours, the team worked out the transaction and how the hackers had executed it. The team said the hack was an extremely complicated attack that involved several components of the Pickle protocol.
Unlike several other DeFi attacks witnessed recently, this particular exploit did not involve flash loan attacks. The attacker instead swapped funds between a malicious copycat contract and the Pickle cDAI Jar (Pickle’s yield-bearing vault), thus leading to the loss of funds.
The security specialists said that the hacker created “evil jar” smart contracts that have the same interface as the original jars. The hacker then swapped funds between the “evil jar” and the genuine cDAI Jar, thus stealing the $19.7 million in deposits.
Although the team has taken measures to mitigate further attacks, the security specialists advised it not to publish any details of the actual attack yet, to avoid creating further risk.
The incident caused the price of Pickle’s native token (PICKLE) to decline from $50.12 to $10.17, before it rebounded to about $12.60.
Pickle Finance is a yield farming protocol that aims to reward users with interest payments and provide liquidity to DeFi’s four largest stablecoins (sUSD, DAI, USDT, and USDC). The decentralized finance project shifts customers’ funds around DeFi protocols to maximize returns.
Scams Tarnishing the Image of DeFi Market
With DeFi scams continuing to rise day by day, industry stakeholders urge users to prioritize due diligence before investing in any project. Individuals familiar with the decentralized finance landscape know that a day hardly goes by without one project or another “exit scamming” its customers.
Although DeFi is meant to help democratize access to global finance, the emerging market niche has become a perfect environment in which malicious actors constantly siphon funds from innocent victims and investors fall for scams.