Hacker Drains $20 Million from Pickle Finance Protocol

Another day, another attack against DeFi. The Pickle Finance protocol lost nearly 20 million dollars in the stablecoin Dai after a hacker exploited a vulnerability.

The Pickle Finance protocol under attack
On 21 November at 18:37 (UTC), hackers exploited a vulnerability in the Pickle Finance protocol and managed to drain 19,759,355 Dai, or nearly $20 million.

Like many other protocols, Pickle Finance is a yield aggregation service similar to Yearn.Finance and its YFI token. The protocol is fully automated and rewards those who provide liquidity to stablecoin pools with PICKLE tokens.

On 20 November, the Pickle Finance team deployed a new strategy to optimise the returns from the Dai stablecoin. The product, called "PickleJar pDAI", used the Compound protocol to earn interest on Dai deposits. It contained cDAI tokens issued by Compound when Pickle Finance deposited Dai in the protocol.

It was by exploiting a vulnerability in "PickleJar pDAI" that as yet unidentified individuals managed to drain all the funds. The team has not yet disclosed how the hackers managed to do this. Pickle Finance is now working with a team of white hat hackers to close the vulnerability.

"This attack was very complicated and involved many elements of the Pickle protocol. At this point in time, it does not appear that any more funds are at risk," the project team said on Medium.

As a result of this major attack, the price of the PICKLE token has dropped drastically. According to CoinGecko, PICKLE went from $23.27 to $8.70 at its lowest point in about 6 hours (-62.61%). At the time of writing, the PICKLE token had risen back above $12.

Attacks against DeFi are multiplying
In 2020, the year decentralised finance took off, attacks against its protocols have multiplied. This trend is a result of protocols being deployed very rapidly, without being audited by companies specialising in security.

The result is indisputable: the majority of funds stolen in the cryptocurrency industry come from DeFi protocols. Although exchange platforms are still the target of massive attacks, they are much less vulnerable than certain DeFi protocols.

A report by the blockchain analysis firm CipherTrace highlights that attacks against DeFi represent 50% of all attacks in the cryptocurrency sector in the second half of 2020.

Moreover, the attack against Pickle Finance comes less than one month after the attack against Harvest Finance. This other DeFi protocol lost 24 million dollars in a similar attack.

Unfortunately, it is only a matter of time before another protocol suffers the same fate. If you invest in DeFi, be on your guard and take all necessary measures to ensure that the protocol in which you deposit funds is sufficiently secure.