Unknown attackers recently siphoned digital assets valued at just under $1.6 million from the decentralized finance protocol, Pike Finance. The protocol announced it is offering a 20% reward for the return of the funds, while an ongoing investigation into the incident continues.
The decentralized finance (defi) protocol, Pike Finance, said on May 1 that its platform had recently been exploited for approximately $1.6 million or 99,970.48 ARB, 64,126 OP, and 479.39 ETH. According to Pike Finance, the latest exploit, which occurred on April 30, is connected to a USDC vulnerability initially reported four days earlier.
In a statement issued via X, Pike Finance said it is offering a 20% reward for the return of the funds while an investigation into the incident is ongoing. The same reward is also being offered for information that leads to the return of the stolen funds.
Detailing the sequence of events leading to the attack, Pike Finance suggested that the inclusion of an additional dependency within the smart contract code may have helped trigger the attack.
“This dependency introduced new variables which altered the storage layout – in particular, the position of the initialized variable. As a result, the position occupied by the initialized variable was taken over by other variables, leading to a misalignment in storage mapping. This misalignment caused the contract to behave as if it was uninitialized, since the initialized variable could no longer be accessed,” Pike Finance said.
The statement added that the attackers were able to upgrade the spoke contracts, which in turn enabled them to bypass admin access and therefore steal the funds. Pike Finance said it plans to issue a report and plan on how to make users whole again at a later date.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
暫時沒有評論,趕緊搶沙發吧!