Another attack on a large DeFi (decentralized finance) protocol has drained the Pickle Finance yield-farming project of $20 million today.
The attack happened about two hours ago, and Ethereum-savvy Twitter users quickly noticed that Pickle’s cDAI jar (a “jar” being Pickle’s name for a yield-bearing vault) had been emptied:
I think @picklefinance’s cDAI jar has just been attacked and drained. https://t.co/Lxwi2dWSSZ pic.twitter.com/nUBE1KjEPh
– mattyb (@mattybchats) November 21, 2020
Unlike other recent attacks, however, this exploit did not use flash loans, an increasingly notorious DeFi tool that gives would-be exploiters extra liquidity with which to manipulate on-chain prices. Instead, the attacker moved funds between a malicious copycat contract and the cDAI jar.
In an interview with Cointelegraph, Emiliano Bonassi, a self-described whitehat hacker and co-founder of DeFi Italy, said the attacker created “evil jars”: smart contracts that “have the same interface as traditional jars but do bad things.”
The attacker then swapped funds between his “evil jar” and the real cDAI jar and made off with $20 million of the deposits.
Evil jars used during the attack and passed in to swapExactJarForJar. Investigate more on this topic: https://t.co/szRloiecV8 https://t.co/l2xT4zhQB1
These are useful operations to be performed in this method (e.g., approve, withdraw, etc.). pic.twitter.com/29RNkF4vJb
– Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 21, 2020
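The weakness Bonassi describes is a trust boundary problem: a swap routine that accepts jar addresses from the caller and then calls withdraw, deposit and approve on whatever contract sits at those addresses treats any contract with the right interface as a genuine jar. The Solidity sketch below is an added illustration and is not Pickle Finance’s code; the jar interface, the swapExactJarForJar signature and the governance-maintained registry are assumptions made for the example. It shows the unchecked pattern next to a hardened variant that only accepts registered jars, verifies that both sides share the same underlying token, and accounts only for tokens produced by the current call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Assumed jar interface for this example (not Pickle's real ABI):
// a jar is an ERC20 share token wrapped around one underlying token.
interface IJar is IERC20 {
    function token() external view returns (address);
    function deposit(uint256 amount) external;
    function withdraw(uint256 shares) external;
}

// Hypothetical helper showing the weak pattern: both jar addresses come from
// calldata and any contract exposing the IJar interface is trusted as a jar.
contract JarSwapUnchecked {
    function swapExactJarForJar(IJar fromJar, IJar toJar, uint256 shares) external {
        fromJar.transferFrom(msg.sender, address(this), shares);
        fromJar.withdraw(shares);                       // trusts fromJar to hand back real tokens
        IERC20 want = IERC20(toJar.token());            // trusts toJar to name the right token
        uint256 amount = want.balanceOf(address(this)); // helper's whole balance, not this call's
        want.approve(address(toJar), amount);
        toJar.deposit(amount);                          // trusts toJar with everything it holds
        toJar.transfer(msg.sender, toJar.balanceOf(address(this)));
    }
}

// Hardened variant: only jars registered by governance may appear on either
// side of a swap, the underlying tokens must match, and only tokens produced
// by this call are forwarded.
contract JarSwapRegistered {
    address public immutable governance;
    mapping(address => bool) public isRegisteredJar;

    event JarRegistered(address indexed jar, bool allowed);

    constructor() {
        governance = msg.sender;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    // Governance decides which jar contracts the helper is allowed to talk to.
    function setJar(address jar, bool allowed) external onlyGovernance {
        isRegisteredJar[jar] = allowed;
        emit JarRegistered(jar, allowed);
    }

    function swapExactJarForJar(IJar fromJar, IJar toJar, uint256 shares, uint256 minSharesOut) external {
        require(isRegisteredJar[address(fromJar)], "fromJar not registered");
        require(isRegisteredJar[address(toJar)], "toJar not registered");
        require(address(fromJar) != address(toJar), "same jar");

        address underlying = toJar.token();
        require(fromJar.token() == underlying, "underlying mismatch");
        IERC20 want = IERC20(underlying);

        // Measure what this call actually produced rather than the helper's total balance.
        uint256 wantBefore = want.balanceOf(address(this));
        require(fromJar.transferFrom(msg.sender, address(this), shares), "transferFrom failed");
        fromJar.withdraw(shares);
        uint256 received = want.balanceOf(address(this)) - wantBefore;

        uint256 sharesBefore = toJar.balanceOf(address(this));
        require(want.approve(address(toJar), received), "approve failed");
        toJar.deposit(received);
        uint256 sharesOut = toJar.balanceOf(address(this)) - sharesBefore;

        require(sharesOut >= minSharesOut, "slippage");
        require(toJar.transfer(msg.sender, sharesOut), "transfer failed");
    }
}
```

The registry check is the part that closes the hole described in the article: a copycat contract can implement every function of the interface, but it cannot make itself appear in a mapping that only governance writes to. The before/after balance accounting is a second, independent guard, so that even a registered jar that misbehaves can only affect the tokens involved in the current call rather than anything the helper happens to hold.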
Particularly after the attack on Harvest Finance, Pickle Finance had seemed well on its way to becoming one of the pre-eminent yield-farming protocols. At press time, Pickle’s stats website reported a total value locked of nearly $75 million, while Pickle, the governance token of Pickle Finance, fell 50% on the day to $11.16.
Pickle Finance’s problems are only the latest in a worrying trend across the DeFi space. Victims of exploits in recent weeks include Harvest Finance, Value DeFi, Akropolis, Cheese Bank and Origin Dollar.
However, the weaknesses of one DeFi sector may lead to the success of another. As one Twitter trader put it:
Security audits are a meme.
The new “audit” will have adequate insurance coverage. $Nsure $Cover
– Cope_Infinitum (@CryptoMessiah) November 21, 2020