Tuesday, December 24, 2024

DeFi project Pickle Finance exploited for $20 million

Another day, another DeFi exploit. On Saturday, November 21st, the DeFi project ‘Pickle Finance’ was exploited for $19.7 million. This is the fourth DeFi exploit to take place within just two weeks, with the Akropolis ($2 million), Value DeFi ($7.4 million), and Origin Protocol ($7.7 million) exploits preceding it.

But unlike the three DeFi exploits that took place before it, analysts are not sure how the Pickle Finance exploit took place. Some speculate that it was yet another flash-loan attack–the same type of exploit that led to the Akropolis, Value DeFi, and Origin Protocol exploits–however, others are saying that the exploit was more complex than the typical flash-loan attack.

Later on, the Pickle Finance team announced that they had figured out how the exploit took place, that it was very complex, and that it took their dev team nearly four hours to figure it out.

Pickle Finance Team Discord

Next steps for the Pickle Finance team

As a result of the exploit, the Pickle Finance team recommended that its liquidity providers withdraw their funds from any Pickle Finance pool until the issue is solved.

Shortly after they recommended withdrawals, the Pickle Finance team claimed to have patched the attack vector and said that providing liquidity in any Pickle Finance pool–except its DAI pool–was once again safe.

High risk, low reward

As time goes on, it is becoming clear that DeFi investments are no longer high-risk, high-reward ventures, but rather high-risk, low-reward ventures. Although more money continues to pour into the DeFi sector, the new capital is not being allocated to meme coins like $PICKLE; instead, it is going to legitimate DeFi use-cases like decentralized borrowing and lending.

DeFi-related crime is on the rise, and three DeFi projects were the victims of flash-loan attacks in the last 14 days. Considering that many DeFi projects have simply copied and pasted the code of other projects, it would not be surprising to see even more projects become victims of flash-loan attacks.

The best way to stay dry in a time when attackers are looking to exploit DeFi projects and separate investors from their funds is to stay out of the DeFi space. The few dollars you could make from investing in these hobby projects are not worth all the money you could lose through the project’s attack vectors.


Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
