A new day, a new DeFi hack. Attackers succeed in extracting 20 million US dollars from a pickle wallet. All about the background of the crime.
The DeFi protocol Pickle Finance has become the target of a hack. As the creators announced via medium on 22 November, unknown persons were able to withdraw a total of 19,759,355 DAI (currently just under 20 million US dollars) from the PickleJar.
The team behind PickleJar does not want to reveal how the attack took place until the editorial deadline. Precautions have been taken to prevent further attacks. However, a further exploitation of the security gap cannot be ruled out. The press release reads accordingly:
While we are working on bug fixes to remove the attack vector, the White Hat group has decided that we should not yet publish details of the actual attack. Although we have taken steps to mitigate further attacks, we do not want to tempt fate in the meantime.
The 20 million DAI tokens are currently lying untouched at the address of the suspected hacker. However, it is unusual that the tokens have not yet been moved. This is because Bitcoin Champion usually start to blur the trail of the tokens immediately after execution by splitting them up into different addresses and then washing them.
All PICKLE investors are affected by the hack. Those who were lucky enough not to have placed their DAI on the affected pJar have now been swept away by the subsequent course exodus. Since the theft became known, the PICKLE token has lost more than 50 percent of its value.
PICKLE: But not the big hit
PICKLE is a DeFi project that uses so-called Pickle Jars in addition to the well-known functions (farming, staking). These are special wallets that are designed to maximise yield farming yields by means of complicated algorithms. In addition to the native PICKLE token, investors can store various other tokens such as UNI in the jars and theoretically multiply them via staking. One of these pJars was cleared during the attack.
The attack is one of a series of attacks against DeFi projects. Most recently, BTC-ECHO reported on Opyn, for example, whose hackers relieved users of several hundred thousand US dollars. The hack of Lendf.Me came to a somewhat happier end. After attackers stole assets worth 25 million US dollars, the hacker returned the full amount to the owners. The reason for this was apparently a successful investigation by the Singpur police.
The attack shows once again that the most important feature of crypto currencies like Bitcoin is its security infrastructure. Especially newly blazing stars in the crypto sky attract fraudsters and hackers who enrich themselves on the ignorance of crypto novices. So you should exercise the greatest possible caution when investing in DeFi.