DeFi Protocol Pickle Finance loses $20 million in hack
Pickle Finance loses $20 million in an exploit. The hacker did not depend on flash loans and instead attacked the cDAI tokens of its pJar product.
By Komal Joshi · Nov 23, 2020 . 5min read
DeFi protocol Pickle Finance lost about $20 million in DAI in a hack on Saturday. Pickle Finance is a yield aggregation service. The hack appears to involve Pickle Finance’s DAI pJar product, which uses the Compound protocol to harvest yield from DAI deposits. This Jar holds the cDAI tokens that Compound issues when Pickle Finance deposits DAI in that protocol. Pickle Finance is still investigating the hack, which cost it around $20 million in funds. The hacker’s wallet is still quiescent and has not begun the money laundering phase that tends to follow every hack.
The process behind the Pickle Finance hack is complicated.
Recently, Pickle developed a new approach to maximize profits from DAI. With the new strategy, it concentrated on offering an automated solution for transferring funds between several DeFi protocols in order to maximize profits. Nevertheless, today Pickle Finance has lost around $20 million in DAI from that wallet. The attack on Pickle Finance did not use the flash loan method that hackers have recently employed to exploit vulnerabilities in most of the DeFi protocols. In the case of Pickle Finance, the hacker built a malicious contract and used it to interact with legitimate contracts.
Emiliano Bonassi, the co-founder of DeFi Italia, presented his estimate of how the hacker managed to remove the $20 million. According to Bonassi, the attacker developed “Evil jars,” contracts with an interface comparable to the “good jars” but operating separately. The attacker then exchanged funds between his “Evil jar” and the original cDAI Jar, using the $20 million in deposits. The process, Bonassi says, was remarkably complex, well thought out, and not simple. Even so, he finds it unusual that the hacker did not depend on flash loans.
One thing to note is the recent growth in DeFi hacks, a sign that the ecosystem is quite vulnerable. Recent instances of DeFi protocol hacks involve Harvest Finance, Value DeFi, Akropolis, and Balancer. All of them have resulted in millions of dollars in losses to investors. Several of those investors had no opportunity to recover their money, owing to the decentralized nature of the projects.