Pike Finance Clarifies $1.6M USDC Vulnerability Statement

Pike Finance clarified its initial remarks regarding a $1.6 million exploit on April 30, tied to a vulnerability in USDC Coin (USDC).

The decentralized finance (DeFi) protocol Pike has provided additional clarification of its earlier remarks about a vulnerability discovered in USDC Coin (USDC).

The clarification follows a $1.6 million exploit that the platform discovered on April 30. The attack was tied to a vulnerability in USDC, according to an announcement that Pike released on May 1.

The announcement also stated that USDC’s product offerings had nothing to do with the network’s security breach.

“This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.”

However, the DeFi protocol swiftly reversed the statement, noting that the phrase they used did not adequately represent the exploit that occurred.


Pike Finance Clarifies Security Oversights in CCTP Exploit

Pike Finance emphasized that the exploit resulted from oversights in the security safeguards of its own contract functions that manage transfers over the Cross-Chain Transfer Protocol (CCTP), a service offered by USDC issuer Circle.

Pike Finance made it clear that the underlying cause of the exploit is distinct from the functionality of Circle's products.

Additionally, Pike Finance stated in an earlier announcement that its auditing partner had already uncovered the vulnerability responsible for the initial hack on April 26. Nevertheless, its team was unable to patch the vulnerability.

“It is important to clarify that this vulnerability was previously identified by our auditing partner, OtterSec. Our developer team was unable to address the identified vulnerability in a timely manner.”

They wrote that their team’s “improper integration” of third-party technologies, such as the CCTP or Gelato Network’s automation services, caused the exploit.

Pike mentioned that this particular exploit had appeared. During the initial assault, digital assets worth a total of $300,000 were taken without permission.

On April 30th, an adversary exploited a flaw in the system’s smart contract in order to steal about $1.68 million from Ethereum, Arbitrum and Optimism. The attacker stole a total of $1.4 million worth of Ether, $150,000 worth of Optimism (OP) and around $100,000 worth of Arbitrum (ARB) tokens.

Pike determined that the same vulnerability in the smart contract caused both malicious assaults.

According to the protocol, the misalignment in the contract eventually made it possible for the attackers to circumvent the requirement for administrative access and extract funds.

Hacks continue to be a problem in the cryptocurrency field. Even so, according to the data, losses in crypto-related hacks decreased significantly in April compared with February and March.

On May 1, PeckShield announced that losses from hacks in April dropped to $60 million, a significant decrease from the $360.8 million lost in February and the $187.6 million lost in March.
