$20 million Pickle Finance Hack with Complex Attack
DeFi platform Pickle Finance lost approximately $20 million to hackers in the past 24 hours. The hack was announced in the early hours today and it is understood that the funds were stolen from one of their smart contracts.
There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates. — Pickle Finance 🥒 (@picklefinance) November 21, 2020
Complex and advanced Hack Process
The hacker was able to access the funds by attacking the protocol's DAI PickleJar, or pJar. This smart contract contained cDAI tokens from the Compound protocol, which were issued when Pickle deposited DAI into the protocol.
Pickle Finance is a unique DeFi platform that provides automated solutions for users to move funds between different DeFi protocols to maximize profits. For this to happen, Compound (COMP) is used as a universal currency for trading and arbitration.
Emiliano Bonassi, the co-founder of DeFi Italia, further explained how the hack was able to occur. According to him, the attacker created a set of contracts that had features similar to the existing good jar contracts but served ulterior motives.
Argh! No 😥 https://t.co/IqskGJsrxT pic.twitter.com/eXZbnDfnaF — Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 21, 2020
After creating these bad jars, the hacker then swapped funds between a bad jar and the real cDAI Jar, stealing $20 million in the process. At the moment, the money stolen by the hacker is still in the dormant wallet and has yet to be laundered through various exchanges.
However, it is expected that this will occur soon, as most hackers sell stolen tokens bit by bit on different exchanges to avoid having the funds frozen. As expected following news of the hack, Pickle Finance's native token (PICKLE) suffered a dip, losing more than 50% of its value in a few hours.
The Pickle Finance hack follows a spate of hacks that have happened in the DeFi landscape in recent months. Several DeFi protocols have been the victims of hacks, including high-profile ones like Harvest Finance, Value DeFi, Eminence and Origin Dollar. Earlier, Vitalik Buterin was bullish about this Pickle project.
This shows that there is a long way to go for the DeFi sector as hackers continue to stalk new projects.