The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.
Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor.
In addition in the second invocation for swapExactJarForJar there were passed a target and doing a delegate call to CurveProxyPool 😢
— Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 21, 2020
Yesterday, Pickle “deployed a new strategy” to maximise returns from DAI, a decentralized stablecoin pegged to the US dollar, “Larry the Cucumber,” a team member for Pickle, posted in a Discord chat, according to “statelayer.eth.”
But it doesn’t appear to be the kind of flash loan attack that have plagued DeFi protocols for the past few months. Several DeFi protocols have been the victims of flash loan-based oracle attacks: Harvest Finance lost $34 million, Cheese Bank lost $3.3 million; Akropolis suffered a $2 million loss and Value DeFi lost $6 million. “Normally you'd see the tx calling Aave, Uniswap, or dYdX for the flash loan,” crypto analyst Nick Chong told Decrypt.
An unhappy Pickle Finance user, on Telegram
Following the hack, the price of Pickle Finance's token, PICKLE, fell by 43.8%, according to Coin Gecko, to $12.75.
Until it works out what’s going on, Harvest Finance, a rival DeFi protocol that last month was hacked for $30 million, has moved all of its DAI, as well as stablecoins USDC and USDC, “ to the safety of its vaults until the attack vector is understood,” tweeted Smokatoke, a community rep for Harvest Finance.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
A blockchain researcher accidentally burned approximately $58,000 worth of Pump.fun’s PUMP token on Solana—but he told Decrypt that he isn’t “sad or angry” about the costly mistake.
The mistake came after he bought $40,000 worth of the token in Pump.fun’s sought-after token sale on Saturday, which sold out in just 12 minutes. Once the token launched, PUMP debuted at a price of $0.005827, which is 45% higher than its ICO valuation, bringing the unlucky trader’s losses to a total of $58,270.
On Su...
Hyperliquid has rapidly become a major player in decentralized finance, but Project X aims to level the playing field on the layer-1 HyperEVM chain that powers it—and seeks to become the frontend for the ecosystem in the process.
In a space crowded with teams racing to build similar platforms, the team insists its strategy stands apart. Rather than focusing solely on technical innovation, Project X sits down with Decrypt for an exclusive interview on how it is taking a distribution-first approac...
Some say crime doesn’t pay—but blockchain data suggests that an attacker who exploited a flaw in a GMX’s codebase earlier this week is walking away with a $5 million bounty.
“Ok, funds will be returned later,” the individual said in an on-chain message on Friday, days after they absconded with over $40 million worth of crypto from the decentralized exchange.
GMX, which specializes in perpetual futures trading on Avalanche and the Ethereum layer-2 scaling network Arbitrum, was later sent $10 mill...