Another major DeFi incident took place over the weekend. As long as people continue to throw money at unaudited projects, this trend is likely to continue. Following the incident, it remains to be seen what happens to the Pickle Finance concept.
Pickle Finance is in a Pickle
This is neither the first nor the last time a DeFi project will face issues due to someone exploiting its code. Most of these contracts are unaudited, allowing criminals to leverage weaknesses and exploits. At the same time, some of the issues that remain hidden from view can have catastrophic effects. For Pickle Finance, this latter aspect may hold the key to what exactly went down.
Initially, people assumed this was another flash loan attack. It certainly has a lot of similarities to such an attack. With roughly $20 million in DAI withdrawn in quick succession, a very big problem has ensued. So far, the market impact has been minimal, which is noteworthy.
At the same time, this turn of events raises a lot of questions, for one simple reason. Contrary to prior DeFi incidents, the culprit attacking Pickle Finance has not moved the stolen funds. That is unusual, as hackers often cash out stolen money before it gets flagged on the network. This time, no money has moved since it was obtained without permission.
Further research into the matter shows the attack vector is likely found elsewhere. One function in the Pickle controller allows for coins to be swapped between different strategies. It is possible this may have been leveraged by the hacker, although further analysis was required. Earlier today, the team disclosed the technical details regarding the incident.
What Happens Next?
At this time, there is still a lot of uncertainty regarding the future of Pickle Finance. Thankfully, affected users may see money returned to them, thanks to Cover Protocol. For those unfamiliar with the service, it is a P2P coverage market to help protect DeFi services, among other things. It is now a matter of figuring out whether Pickle’s claim is legitimate, and if any recourse is possible.
Even if the claim is valid, it will not be possible to reimburse all users. According to Nick Chong, there was $430,000 in cover, yet $20 million has been taken. There will be some numbers to crunch over the coming days and weeks. Anyone who still has liquidity on Pickle Finance needs to withdraw it immediately to avoid any further incidents.
We're seeing @coverprotocol respond to this in real time.
Cover launched literally two days ago, and Pickle was a project it began providing cover for. There was $430,000 in cover available last time I checked.
Community seems to think it's a valid claim already.
— Nick C. (@n2ckchong) November 21, 2020
One thing that is interesting is how so many users have reached out to the hacker already. Many people hope to see money returned to them organically, as unlikely as that may be. With none of the funds effectively being moved, however, there is always a glimmer of hope.