A decentralized system called Pike Finance, which specializes in cross-chain lending, has lost $1.6 million because of security holes in USDC (USD Coin) transfers.
Hackers got into the system, which is backed by Circle, and stole several altcoins. This event, announced in a statement on May 1, impacted Pike Beta on the Ethereum, Arbitrum, and Optimism chains. It cost 99,970.48 ARB, 64,126 OP, and 479.39 ETH.
USDC exploit due to vulnerability.
Officials at Pike Finance say that this exploit is connected to a previous USDC flaw that caused a loss of $299,127 across the same lines. The Pike Finance team said in a report released on April 28 that the losses were caused by the cross-chain transfer protocol not having enough security measures for USDC transfers.
Specifically, the critical flaw was in functions designed for burning USDC on a source chain and minting on a target chain (automated by Gelato’s automation services). Inadequate protection of this function allowed attackers to manipulate receiver’s address and amounts, which were processed by Pike protocol as valid. Pike Finance
The latest breach happened because of a misaligned storage mapping, which caused the protocol’s smart contract to work strangely. This enabled attackers to circumvent administrative rules and take funds out without permission. The Pike Finance team is offering a 20% prize for the return of the funds or any information that helps get them back.
Pike Finance was founded in 2023 and got $50,000 from Circle and Wormhole to help start its mainnet in the first quarter of 2024. The protocol acts as a cross-chain liquidity source, letting users lend and borrow native assets across various sidechain and blockchain networks.
