Pike, the decentralized finance (DeFi) protocol, has issued a revised statement regarding the recent vulnerability found in USDC Coin (USDC) after experiencing a $1.6 million exploit on April 30.
In their initial announcement on May 1, Pike stated that the exploit was linked to a vulnerability in USDC and clarified that USDC’s product offerings were not responsible for the security lapse. However, the DeFi protocol quickly retracted this statement, acknowledging that their wording did not accurately describe the exploit.
Pike has now clarified that the exploit was caused by security measures lapses in its contract functions while handling transfers with the Cross-Chain Transfer Protocol (CCTP), a service provided by USDC-issuer Circle. They emphasized that the root cause of the exploit is unrelated to the functionality of Circle’s product offerings.
In a previous announcement, Pike revealed that their auditing partner had already identified the vulnerability that led to the first hack on April 26, but their team was unable to address it. They attributed the exploit to their team’s improper integration of third-party technologies, such as the CCTP or Gelato Network’s automation services.
The initial attack resulted in the theft of $300,000 worth of digital assets. Subsequently, on April 30, an attacker exploited the protocol’s smart contract vulnerability and drained approximately $1.68 million across Ethereum, Arbitrum, and Optimism. The attacker made off with $1.4 million in Ether (ETH), $150,000 in Optimism (OP), and around $100,000 in Arbitrum (ARB) tokens.
Pike acknowledged that both attacks were a result of the same smart contract vulnerability, which allowed the attackers to bypass admin access and withdraw funds.
While hacks continue to be a concern in the crypto space, data shows that losses from crypto-related hacks significantly decreased in April compared to February and March. According to PeckShield’s report on May 1, losses from hacks in April amounted to $60 million, a significant drop from the $360.8 million in February and $187.6 million in March.
In other news, Web3 gaming is predicted to cease to exist within the next five years, and a prize of $656,000 is being offered for the best crypto game pitch in the Web3 Gamer magazine.