$299 000 USD

APRIL 2024

GLOBAL

PIKE FINANCE

DESCRIPTION OF EVENTS

Pike Finance

 

The smart contract had a vulnerability which was reported and ignored, allowing the theft of $299k wroth of USDC.

 

Attacker: 0xAdaF1626aEC26A7937aE7d1Fa0664e6E0904C1d0

 

Target Contract: 0x7856493B59cdb1685757A6DcCe12425F6a6666a0

 

Attack Transaction: 0x979ad9b7f5331ea8034305a83b5cd50aea88adec395fff8298dd90eb1b87667f

 

"On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH."

 

"While we continue our investigation, we are offering a 20% reward for the return of the funds, or information leading to the recovery of funds."

 

Ongoing.

 

The Pike Finance team published a blog post with the plan forward.

 

"In the coming days, we will disclose a full list of wallet addresses with active supply and borrow positions prior to the protocol halt as of April 26 08:35 PM UTC. Addresses with a supply position will have a credit balance, and addresses with a borrow position will have a debit balance. We will calculate the Net Balance [Total Value of Supply - Total Value of Borrow] and assess whether liquidation levels have been triggered using asset prices as of April 26 08:35 PM UTC. Addresses with a positive net balance after accounting for liquidation checks will be restituted in full directly to their wallets ($OP via Optimism, $ARB via Arbitrum, $ETH and $USDC via Base)."

 

"The Community Treasury allocation of $P has been set aside for various usages, however one of these is of course, as an insurance fund.

 

As a result, we will be using 4% of the total supply of $P (from the Community Treasury allocation) as collateral to borrow the necessary stablecoin funds from the team treasury (around $2M USD across both exploits).

 

These will then be used to purchase the relevant assets on the open market and reimburse users for what they had within Pike prior to the exploit.

 

As the protocol generates revenue and launches the $P token, this loan will then be paid back accordingly - transferring the $P tokens used as collateral to the Foundation Treasury.

 

Once the debt is repaid, the $P will be released back to Insurance pool"

 

Refunds.

Pike Finance is a loan protocol which allows loans to be taken out using collateral on other chains. As part of their deployment, there was a known and identified issue where USDC can be withdrawn without proper validation. The team corrected the vulnerability with an upgrade which allowed all the assets to be drained from their smart contract, then eventually offered refunds to users.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.