Decentralized finance (defi) protocol Pickle Finance was hacked for $19.7 million of the stablecoin DAI over the weekend, as the defi industry appears to be turning into a hackers paradise.
Pickle’s native token (PICKLE) plunged 62% on the news, falling from $23.27 to $8.70 when the hack was first reported on Nov. 21. At the time of writing, the token has since rebound 29% in 24 hours to $18.51, according to Coingecko data.
This is the fourth hack to hit the defi space in just two weeks. Akropolis, Value Defi and Origin protocol were exploited for a combined total of $15.7 million in flash loan attacks.
Pickle Finance is a yield aggregation service that rewards users who provide liquidity to its various pools of stablecoins with interest and token disbursements in ether, other stablecoins or its native digital asset PICKLE.
It is not clear whether Pickle Finance suffered a flash loan attack, but management admitted in a blog post that “this was a very complicated attack and involved many components of the Pickle protocol.” It took the protocol’s dev team of 10 people more than four hours to figure it out.
The hacker targeted Pickle Finance’s DAI pjar product, a concept akin to yearn.finance’s vaults, and drained 19,759,355 of the U.S.-dollar-pegged stablecoin DAI. This specific jar harvests yield from DAI deposits made via the decentralized lending protocol Compound.
Cyber-security expert Dmytro Volkov told news.Bitcoin.com that the defi hacking frenzy was a result of hurried project development.
“Most of the defi projects’ hacks are based on vulnerabilities connected to errors in the source code. Errors in applications occur for various reasons, and it is errors that cause vulnerabilities and subsequent hacks of these applications,” said Volkov, who is also chief technology officer at crypto exchange Cex.io.
“Cybercriminals look for errors in the defi protocols and exploit them for their own ends. As defi projects become more popular and the greater the amount of capital that flows through them grows, the more this field will attract hackers, and the more hacks there will be,” he added.
Pickle Finance said in a Nov. 24 tweet that it has a “small chance” of recovering the stolen money.
What do you think of defi industry’s latest hack? Let us know in the comments section below.
The post Hackers Paradise: Yet Another Defi Protocol Exploited for Nearly $20 Million in DAI appeared first on Bitcoin News.