Monday, November 23, 2020

$pickle in a pickle as attacker swipes $20 million in “evil jar” exploit

Must Read

Ethereum 2.0 Deposit Contract Is 75% Funded Ahead of Dec. 1 Soft Launch

The smart contract that will trigger the first phase of Ethereum’s most ambitious upgrade yet has nearly accrued enough funds to activate.The Ethereum 2.0...

XRP price rallies 91% in a month due to 3 fundamental factors

In the past month, the price of XRP rallied 91% as the digital asset at last found some spark and is now playing catch up...

Biden plans for former Fed Chair and noted Bitcoin bear to lead US Treasury

As President-Elect Biden continues to round out his roster of appointees, he has tapped an Obama-era chair of the Federal Reserve to lead his...

Crypto users speak out on proposed change to FinCEN Travel Rule

Since the U.S. Federal Reserve and Financial Crimes Enforcement Network opened a proposed rule to acquire more information on smaller international transactions, many crypto...

In yet another attack on a major decentralized finance (DeFi) protocol, farming project Pickle Finance has been exploited today to the tune of $20 million. 

The attack transpired roughly two hours ago, and ETH-savvy Twitter users were quick to notice that pickle’s cDAI jar — Pickle’s term for a yield-bearing vault — had been emptied:

Unlike other recent attacks however, this particular exploit did not feature flashloans — an increasingly maligned DeFi tool that allows would-be exploiters additional liquidity with which to manipulate on-chain prices. Instead, this hacker swapped funds between a malicious copycat contract and the cDAI jar. 

In an interview with Cointelegraph, Emiliano Bonassi — a self-described whitehat hacker and the co-founder of DeFi Italy — explained that the attacker created “evil jars, ” smart contracts which “have the same interface of traditional jars but do bad things.”

The attacker then swapped funds between his “evil jar” and the real cDAI jar, making off with the $20 million in deposits.

Particularly after the attack on Harvest Finance, Pickle Finance had looked to be on its way towards becoming one of the preeminent farming protocols. As of press time, Pickle’s stats website reported nearly $75 million total value locked remaining on the books, while the price of pickle, Pickle Finance’s governance token, is down 50% on the day to $11.16.

Pickle Finance’s woes are just the latest in a troubling trend across the DeFi space. Recent exploit victims in just the last few weeks include Harvest Finance, Value DeFi, Akropolis, Cheese Bank, and Origin Dollar, among others.

Perhaps, however, the vulnerabilities of one DeFi vertical might lead to the success of another. Said one Twitter trader: