$pickle in a pickle as attacker swipes $20 million in “evil jar” exploit
The perils of decentralized finance in the spotlight yet again after the latest major DeFi exploit In yet another attack on a major decentralized finance (DeFi) protocol, farming project Pickle Finance has been exploited today to the tune of $20 million. The attack transpired roughly two hours ago, and ETH-savvy Twitter users were quick to notice that pickle’s cDAI jar — Pickle’s term for a yield-bearing vault — had been emptied:I think @picklefinance's cDAI jar just got attacked and drained. https://t.co/Lxwi2dWSSZ pic.twitter.com/nUBE1KjEPh— mattyb (@mattybchats) November 21,....
Related News
The latest attack relied on user permissions granted to the protocol The latest “evil contract” exploit has netted an attacker over $14 million in stolen funds. Furucombo, a tool designed to help users “batch” transactions and interactions with multiple protocols at once, fell victim to the attack which centered on token approvals from users. The attacker’s address currently has $14 million worth of various cryptocurrencies, but the attack appears to be larger as they have been transferring ETH to privacy mixer Tornado Cash in batches over the last hour. This attack is conceptually similar....
Pickle Finance was recently hit by an exploit in which $19.7 million in DAI was lost.
Holders of Pickle Finance’s native coin PICKLE are currently suffering from a 50% drawdown after the protocol was attacked by an unknown user. Details are still unclear about the attack but the loss of funds has resulted in users pulling their liquidity and selling the cryptocurrency en-masse. PICKLE is down to $11.50 as of this […]
Though a "prime suspect" has been identified, how will the protocol make itself whole? In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol-to-protocol lending platform. Alpha Finance Lab, whose protocol was audited by Quantstamp and Peckshield, announced on Twitter this morning that they were aware of an attack, that the “loophole” that allowed it had been patched, and that the team had a “prime suspect”:Dear Alpha community, we've been notified of an exploit on Alpha....
Pickle Finance got hacked so badly on Saturday that its developers asked to be merged into Yearn. Finance Redefined is Cointelegraph’s weekly DeFi-centric newsletter, delivered to subscribers every Wednesday.On Saturday, we saw one of the most complex smart contract hacks yet affecting Pickle Finance, a yield optimization protocol very similar to Yearn — an important point for later.PeckShield provided a technical explanation for it, but I think only Solidity developers can really understand it. The high-level take is that the hacker found two textbook examples of code vulnerabilities in....