Decentralized lending protocol Pike Finance has experienced a significant loss of $1.6 million due to security vulnerabilities in its USDC transfer functions.
Pike Finance, known for its expertise in cross-chain lending within the decentralized finance sector, fell victim to a hacking incident resulting in the theft of over $1.6 million worth of alternative cryptocurrencies. In a recent announcement on May 1, the official Pike Beta protocol account disclosed that the exploit took place across Ethereum, Arbitrum, and Optimism networks, resulting in the loss of 99,970.48 ARB, 64,126 OP, and 479.39 ETH.
The Pike Finance team traced the exploit back to a “USDC vulnerability,” which had previously caused the protocol to lose $299,127 in stolen USDC across the same networks. In a detailed analysis released on Apr. 28, the team highlighted that the weak security measures within the functions managing USDC transfers through the cross-chain protocol were at the root of the assets’ loss.
This time, the vulnerability triggered a “misalignment in storage mapping,” causing the smart contract of the protocol to behave abnormally and enabling attackers to circumvent the admin access and withdraw funds. As a response, the team has offered a 20% reward for the safe return of the funds or for any information that could lead to their recovery.
Established in 2023, Pike Finance had secured $50,000 in USDC funding from Circle and Wormhole to support the launch of its mainnet in early Q1 of 2024. Serving as a cross-chain liquidity provider, Pike Finance allows users to supply and borrow native assets across various blockchain and sidechain networks.
For more information on similar incidents, you can also read about the recent hacking of Hedgey Finance for $44.7 million on Arbitrum and Ethereum platforms.