Circle-backed protocol Pike Finance loses $1.6m due to ‘USDC vulnerability’

Pike Finance, which operates a decentralized protocol for cross-chain lending, experienced a setback as a result of inadequate security in the functions handling USDC transfers. This unfortunate event led to a loss of approximately $1.6 million.

On May 1, I came across disturbing news about Pike Finance, the decentralized finance (DeFi) platform that focuses on cross-chain lending. The project suffered a regrettable setback when it was hacked, leading to a substantial loss of approximately $1.6 million in altcoins. According to an X post made by their official account, the Pike Beta protocol on Ethereum, Arbitrum, and Optimism networks was exploited. The exact losses were reported as 99,970.48 ARB, 64,126 OP, and 479.39 ETH.

Users’ Notice: On the 30th of April, 2024, the Pike Beta protocol succumbed to an exploit worth approximately 99,970.48 ARB, 64,126 OP, and 479.39 ETH. This exploitation is linked to the initial USDC vulnerability disclosed on the 26th of April, 2024. To halt the protocol’s operation, the team has initiated a pause mechanism. — Pike (@PikeFinance) May 1, 2024

The Pike Finance team has linked the exploit to the “USDC weakness,” which had resulted in a loss of $299,127 worth of USD Coin (USDC) in past incidents on the Ethereum, Arbitrum, and Optimism networks. In their post-mortem analysis released on April 28, they acknowledged that the assets were compromised because of insufficient security measures in the functions that handle USDC transfers via the cross-chain transfer system.

“The fundamental issue was found in functions responsible for exchanging USDC between a source and target blockchain, facilitated by Gelato’s automation. Unfortunately, insufficient security measures around this function enabled attackers to alter the receiver’s address and transaction amounts, which Pike protocol accepted as legitimate.”

Pike Finance
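
The weakness described in the quote above, modeled as an added Python example that is not Pike's contract code: the `Transfer` fields, the handler names and the HMAC standing in for the bridge's attestation are all assumptions made for illustration. It contrasts a receiving function that credits caller-supplied values with one that binds the receiver and amount to the authenticated message.

```python
import hashlib
import hmac
from dataclasses import dataclass

ATTESTER_KEY = b"constructed-demo-key"  # assumption: stand-in for the bridge attester


@dataclass(frozen=True)
class Transfer:
    nonce: int
    receiver: str
    amount: int

    def encode(self) -> bytes:
        return f"{self.nonce}|{self.receiver}|{self.amount}".encode()


def attest(t: Transfer) -> bytes:
    """Source-chain side: authenticate the transfer fields (HMAC as a stand-in)."""
    return hmac.new(ATTESTER_KEY, t.encode(), hashlib.sha256).digest()


class Handler:
    def __init__(self):
        self.balances = {}
        self.seen = set()

    def _credit(self, receiver, amount):
        self.balances[receiver] = self.balances.get(receiver, 0) + amount

    def receive_unchecked(self, t, tag, receiver, amount):
        """Weak pattern: the message is authentic, but the credited values are
        the caller's arguments, which nothing ties to that message."""
        if not hmac.compare_digest(attest(t), tag):
            raise ValueError("bad attestation")
        self._credit(receiver, amount)

    def receive_checked(self, t, tag, receiver, amount):
        """Hardened: authenticate, reject replays, require the caller's arguments
        to match, and credit only from the authenticated fields."""
        if not hmac.compare_digest(attest(t), tag):
            raise ValueError("bad attestation")
        if t.nonce in self.seen:
            raise ValueError("replayed nonce")
        if (receiver, amount) != (t.receiver, t.amount):
            raise ValueError("arguments do not match attested transfer")
        self.seen.add(t.nonce)
        self._credit(t.receiver, t.amount)
```

In a review, the thing to look for is any path where the credited receiver or amount comes from a relayer or automation callback argument instead of from the verified message itself.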

On this occasion, the flaw resulted in a discrepancy in how the contract's data was linked to storage, which triggered unexpected behavior from the smart contract. As a result, attackers were able to circumvent admin access controls and make unauthorized fund withdrawals. The developers have offered a 20 percent reward for the return of the stolen funds or for any information that contributes to their recovery.

In 2023, Pike initiated its venture with a $50,000 investment in USDC from Circle and Wormhole. This financial backing was crucial for the launch of Pike Finance’s mainnet in Q1 2024. Pike Finance functions as a cross-chain liquidity provider, allowing users to lend and borrow native assets across various blockchain and sidechain platforms.

2024-05-01 12:36