Pike Finance Explains ‘USDC Vulnerability’ Statement on $1.6M Exploitation
Decentralized financial (DeFi) protocol Pike has clarified its previous statement regarding the vulnerability found in USDC Coin (USDC). The clarification comes after the platform received a $1.6 million exploit on April 30.
On May 1, Pike published an announcement stating that the exploit was related to a vulnerability in USDC and that USDC's product offerings had nothing to do with the security flaw the network suffered.
“This exploit is related to the first USDC vulnerability reported last week on April 26.”
But the DeFi protocol quickly retracted the statement, saying the phrase they used did not accurately describe the exploit.
Pike pointed out that the exploit was caused by flaws in the security measures in its contract functions when handling Cross-Chain Transfer Protocol (CCTP) transfers through the USDC-Issuing Circle.
Pike clarified that the cause of the exploit was unrelated to the functionality of Circle's product offerings.
In a previous announcement, Pike Financial said its audit partner had already identified the vulnerability that led to the first hack on April 26, but its team was unable to resolve it. They wrote:
“It's important to clarify that this vulnerability was previously identified by our audit partner, OtterSec. Our development team was unable to resolve the reported vulnerability in a timely manner.
Pike noted that the exploit was the result of his team's “inappropriate integration” of third-party technologies such as CCTP or Gelato Network Automation Services.
The first attack led to the theft of $300,000 worth of digital assets.
Related: April sees $25 million in exploits and fraud, historic low – CertiK
On April 30th, an attacker exploited a vulnerability in the protocol's smart contract to raise $1.68 million in Ethereum, Arbitrum, and Optimism. In total, the attacker took $1.4 million in Ether (ETH), $150,000 in Optimism (OP) and about $100,000 in Arbitrum (ARB) tokens.
Pike discovered that both attacks were due to the same smart contract vulnerability. The protocol said a flaw in the contract ultimately allowed the attackers to cut off the administrator's access and withdraw funds.
Although hacks still plague the crypto space, the data shows that losses from crypto-related hacks dropped significantly in April compared to February and March.
On May 1, PeckShield reported April's loss from hacking fell to $60 million, a steep jump from February's $360.8 million and March's $187.6 million.
Magazine: Web3 Game Won't Exist In 5 Years, $656K For Best Crypto Game Pitch: Web3 Gamer