Pike Finance, a decentralized finance (DeFi) lending protocol, fell victim to an exploit that resulted in the loss of $1.68 million in digital assets. This incident marks the second exploit the protocol has experienced in just three days.
According to a report from on-chain analytics firm CertiK, the exploit took place on April 30 across the Ethereum, Arbitrum, and Optimism chains. The attacker took advantage of a vulnerability in Pike Finance’s smart contract, which allowed them to change the output address. As a result, they were able to drain the contract of over $1.4 million worth of Ether (ETH), $150,000 worth of Optimism (OP) tokens, and over $100,000 worth of Arbitrum (ARB) tokens.
This is not the first time Pike Finance has fallen victim to an exploit. On April 26, the protocol suffered a $300,000 exploit. Both attacks were carried out using the same smart contract vulnerability, which allowed the attacker to override the contract.
In response to the exploit, Pike Finance has offered a 20% reward for the return of the funds or any information that leads to their recovery. The protocol is also conducting an investigation into the incident.
While the month of April saw a decrease in cryptocurrency hacks and scams, with only $25.7 million lost, it is still a significant issue within the industry. According to CertiK, a total of $502 million worth of digital assets were stolen across 223 hacks and exploits during the first quarter of 2024. This represents a 54% increase compared to the first quarter of 2023, which saw a total of $326 million worth of funds stolen.
Despite these challenges, the DeFi industry continues to grow. Lido Finance, for example, recently hit 1 million validators, fueling the growth of DeFi.