The decentralized finance (DeFi) protocol Pike has clarified its previous statement regarding a vulnerability found in USDC Coin (USDC). The explanation follows the April 30 $1.6 million exploit on the platform.
On May 1, Pike made a notice indicating that the attack was connected to a weakness on USDC and that USDC’s product offerings had nothing to do with the security failure that the network suffered.
"This exploit is connected to the original USDC vulnerability that was discovered on April 26 last week."
The DeFi protocol promptly withdrew the statement, claiming that the wording they had chosen was inaccurate in describing the actual attack.
Pike emphasized that the vulnerability was created by weaknesses in its security procedures in its contract functions when managing transfers with the Cross-Chain Transfer Protocol (CCTP), a service supplied by USDC-issuer Circle.
Pike stated that the core cause of the issue is unconnected to the operation of Circle’s product offerings.
Pike Finance noted in a prior statement that although their team was unable to fix the vulnerability that led to the first hack on April 26, its auditing partner had already found it. They composed:
"It is crucial to make clear that our auditing partner, OtterSec, was the one who first discovered this vulnerability. The vulnerability that was found could not be promptly fixed by our development team."
Pike stated that their team's "improper integration" of third-party technologies, such as the CCTP or Gelato Network's automation services, was the cause of the vulnerability.
Digital assets valued at $300,000 were taken in the first attack.
On April 30, an attacker took advantage of a weakness in the smart contract of the protocol to siphon off approximately $1.68 million from Ethereum, Arbitrum, and Optimism. In total, the attacker grabbed $1.4 million in Ether ETH $150,000 in Optimism (OP) and around $100,000 in Arbitrum (ARB) tokens.
Pike recognized that both attacks were due to the same smart contract vulnerability. According to the protocol, the attackers were eventually able to obtain admin access and withdraw funds due to a misalignment in the contract.
Data indicates that losses from crypto-related hacks decreased significantly in April compared to February and March, despite the fact that hacks continue to wreak havoc in the industry.
PeckShield revealed on May 1st that April's hacking losses had decreased to $60 million, a significant increase from the previous two months' losses of $360.8 million and $187.6 million.
MAy 2024, Cryptoniteuae