Pike Finance Refund Phishing Attack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 18:05, 6 May 2024 by Azoundria


Pike Finance is a loan protocol which allows loans to be taken out using collateral on other chains. After users of Pike Finance had assets locked up due to a USDC withdrawal vulnerability, and then saw the entire smart contract drained due to a botched upgrade, an advanced phishing attack was launched from the Twitter account PikeFinanc and the domain pikefinance.net. After registering the fake domain and inflating the Twitter account with fake followers, the phishers replied to official updates from the Pike Finance team, claiming to offer refunds, and padded their posts with dozens of fake comments claiming to have received said refunds. The attack is ongoing and the amount of damage is still unknown.

This is a global/international case not involving a specific country.[1][2][3][4][5]

About Pike Finance

"Universal Liquidity Protocol A next generation money market 一 deposit collateral on chain A, borrow on chain B."

"Pike is a universal liquidity market optimized for native assets." "Pike is a universal liquidity market that enables lending and borrowing using native assets directly on their respective blockchains, eliminating the need for wrapping and cross-chain transfers."

"Pike enables lending and borrowing using native assets directly on their respective blockchains, eliminating the need for wrapping and cross-chain transfers. For example, users can deposit Arbitrum's ARB tokens as collateral on their native Arbitrum chain, while borrowing other assets on a different blockchain." "Pike is enabled by Wormhole Cross-Chain Messaging, Circle’s Cross-Chain Transfer Protocol, and Pyth Data Feeds."

"Pike redefines the user experience for cross-chain lending and borrowing - Our focus on native assets remove the need for assets with suffixes and prefixes." "Seamlessly maximize your yields and leverage Pike’s native cross-chain functionality 一 No longer do you have to constantly bridge your assets to explore opportunities across the ecosystem." "Pike’s hub and spoke architecture is designed to fade into the background 一 Allowing users to realize an interconnected DeFi vision. Utilize a suite of assets from across the ecosystem 一 Ranging from yield bearing stablecoins and LSTs, to LP tokens."

"Wormhole messaging eliminates risks associated with cross-chain bridges and bridged assets 一 reducing attack vectors stemming from pricing oracles."

"According to Pike Finance, the initial exploit on April 26 was caused by weak security measures in Pike's contract functions when handling CCTP transfers."

"During protocol pausing attempts, an added dependency in the code altered storage layout and moved the initialized variable, causing contract misbehavior.

Seizing this opportunity, attackers upgraded spoke contracts without admin access, successfully siphoning off funds."

"Users can now claim refund for their pre-sale deposits, we had temporarily fixed the issue, but we are still investigating.

Get your refund: http://pikefinance.net

After getting refunded, please wait for next steps that we'll announced on our twitter."

"Users can now get refunded their pre-sale deposits.After getting refund, wait for further notice from team."


The Reality

The Twitter account and domain are unrelated to Pike Finance. Users who interact with them are asked to approve permissions that allow their wallets to be drained.

What Happened

Key Event Timeline - Pike Finance Refund Phishing Attack

Date | Event | Description
May 1st, 2024 2:26:00 AM MDT | First Scam Post | The first scam post is made with the malicious link, a reply to the official announcement.
May 3rd, 2024 12:15:00 AM MDT | Marcus_Onyinye Comment | A user named Marcus_Onyinye comments on the thread to indicate that
May 6th, 2024 5:23:14 PM MDT | Phishing Still Active | The phishing attack is still active and live.

Technical Details

The phishing site does not allow an empty wallet to be connected.
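
An added example, not part of the original case study and not Pike Finance code: a wallet-side check that decodes transaction calldata before signing and flags the kind of approval a wallet-draining site requests. It assumes the permissions mentioned above are standard ERC-20 `approve`/`increaseAllowance` or NFT `setApprovalForAll` calls, which the page does not specify; `inspectApproval`, the trusted-spender list and the sample address are hypothetical.

```javascript
// Standard function selectors (first 4 bytes of the calldata).
const SELECTORS = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "39509351": "increaseAllowance",  // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
};

// Amounts at or above 2^255 are treated as effectively unlimited.
const UNLIMITED_FLOOR = 1n << 255n;

// Assumption: 095ea7b3 is treated as the ERC-20 form, where the second
// word is an amount (for ERC-721 it would be a token id).
function inspectApproval(calldata, trustedSpenders = []) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", risk: "none", reasons: [] };
  // Selector (8 hex chars) plus two 32-byte ABI words = 136 hex chars.
  if (hex.length < 136 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind, risk: "high", reasons: ["malformed approval calldata"] };
  }
  const spender = "0x" + hex.slice(32, 72);        // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // word 2
  if (value === 0n) {
    // approve(spender, 0) or setApprovalForAll(op, false) revokes access.
    return { kind, spender, value, risk: "none", reasons: [] };
  }
  const reasons = [];
  const trusted = trustedSpenders.map((a) => a.toLowerCase()).includes(spender);
  if (!trusted) reasons.push("spender not on the trusted list");
  if (kind === "setApprovalForAll") {
    reasons.push("operator gains control of every token in the collection");
  } else if (value >= UNLIMITED_FLOOR) {
    reasons.push("unlimited allowance");
  }
  const risk = !trusted ? "high" : reasons.length ? "review" : "low";
  return { kind, spender, value, risk, reasons };
}

// Constructed sample input (not taken from the incident).
const word = (h) => h.padStart(64, "0");
const DEMO_SPENDER = "0x" + "11".repeat(20);
const demoUnlimited = "0x095ea7b3" + word(DEMO_SPENDER.slice(2)) + "f".repeat(64);
const demoRevoke = "0x095ea7b3" + word(DEMO_SPENDER.slice(2)) + word("0");
const demoBounded = "0x095ea7b3" + word(DEMO_SPENDER.slice(2)) + word("3e8");

console.log(inspectApproval(demoUnlimited).reasons);
```
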

Total Amount Lost

Unknown.

The total amount lost is unknown.

Immediate Reactions

One user screenshot.

Ultimate Outcome

The phishing attack is still happening.

Total Amount Recovered

None.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

Investigation?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References