Pike Finance, a decentralized finance protocol (DeFi), has once again fallen victim to an exploit, this time losing $1.68 million in digital assets.
This incident, which took place on April 30, involved the Ethereum, Arbitrum and Optimism networks and is the second attack on the protocol in just three days, according to a report from on-chain analytics firm CertiK.
Vulnerability manipulated in smart contract
The attacker manipulated a vulnerability in Pike Finance’s smart contract, which made it possible to change the output address. As a result, more than $1.4 million in Ethereum, $150,000 in Optimism tokens and more than $100,000 in Arbitrum coins were stolen.
On April 26, Pike Finance suffered a previous exploit in which $300,000 was stolen. Both attacks were enabled by the same vulnerability in the smart contract. According to a statement from Pike Finance on May 1, a misconfiguration caused the contract to behave as if it had not been initialized. This allowed the attackers to bypass administrative access and withdraw funds by upgrading the spoke contracts.
In response to the theft, Pike Finance is offering a 20% reward for the return of the stolen funds or for information leading to their recovery. The protocol has announced that it will further investigate the exploit.
Source: https://newsbit.nl/pike-finance-geexploiteerd-voor-16-miljoen-bij-tweede-incident-in-drie-dagen/
