In what appears to be another coordinated hack, the decentralized finance protocol Pickle has announced that it has lost $20 million from its coffers. Pickle is known for moving its clients' funds through different platforms to help them maximize their income.
Trouble started for the decentralized protocol after it decided to use a new strategy to increase its clients' returns in DAI, which allowed the hacker to carry out the attack. After the attack, the Twitter community called the protocol's attention to its empty cDAI jar, a vault where Pickle keeps clients' funds.
Hacker made use of an ‘evil jar’ to drain funds
Going by the details of the hack, it appears that the hacker did not deploy the usual flash loan technique that is now being used all over the DeFi sector. With flash loans, hackers get the opportunity to add more liquidity and hence tamper with a token's on-chain price. But the hacker did not use this method; instead, he created a fake contract that looked just like the cDAI jar that contained all the funds and swapped the funds between the two jars.
According to an analyst and seasoned white-hat hacker, Emiliano Bonassi, the hacker was able to pull off this move by creating evil jar smart contracts that looked identical to the cDAI jar on the platform but did far more dangerous things when deployed.
Furthermore, the co-founder of DeFi Italy said that after creating them, the hacker carefully began to drain the funds in small quantities so as not to attract the developers' attention. When he was done, he left the whole cDAI jar empty and made off with all of the funds in the evil jar.
Analyst advises DeFi protocol developers to get insurance
Analysts and experts in the DeFi field had tipped Pickle to become the next farming protocol in the decentralized finance sector, especially after the hack attack on Harvest Finance. The current statistics on Pickle's website show that the protocol still has a total value locked of almost $75 million in its vault.
However, things don't seem to be going well for the protocol's native governance token, which has declined sharply to sell at $11.16, losing 50% after the hack was carried out.
Pickle's woes are the latest in a long list of protocols in the decentralized finance sector that have seen massive amounts of money stolen from their vaults through hack attacks. Harvest Finance, Value DeFi, Akropolis, Cheese Bank, and Origin Dollar are a few of the protocols that have recently lost substantial funds to hackers.
According to one user, it looks like the much-acclaimed security audit can no longer stop hackers from manipulating and stealing the funds on a protocol. He advised that developers should make sure their protocols are insured.