DeFi Protocol Pickle Finance Hacked For $20 Million

The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.

Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. 

Yesterday, Pickle “deployed a new strategy” to maximise returns from DAI, a decentralized stablecoin pegged to the US dollar, “Larry the Cucumber,” a team member for Pickle, posted in a Discord chat, according to “statelayer.eth.”

Today, someone drained $19.7 million in DAI from that wallet. 

Specifically, someone drained Pickle Finance’s cDAI jar. cDAI are the tokens that decentralized lending protocol Compound issued Pickle when it deposited DAI.

But it doesn’t appear to be the kind of flash loan attack that have plagued DeFi protocols for the past few months. Several DeFi protocols have been the victims of flash loan-based oracle attacks: Harvest Finance lost $34 million, Cheese Bank lost $3.3 million; Akropolis suffered a $2 million loss and Value DeFi lost $6 million. “Normally you'd see the tx calling Aave, Uniswap, or dYdX for the flash loan,” crypto analyst Nick Chong told Decrypt.

Following the hack, the price of Pickle Finance's token, PICKLE, fell by 43.8%, according to Coin Gecko, to $12.75.

Until it works out what’s going on, Harvest Finance, a rival DeFi protocol that last month was hacked for $30 million, has moved all of its DAI, as well as stablecoins USDC and USDC, “ to the safety of its vaults until the attack vector is understood,” tweeted Smokatoke, a community rep for Harvest Finance.