$pickle in a pickle as attacker swipes $20 million in “evil jar” exploit

$pickle in a pickle as attacker swipes $20 million in “evil jar” exploit


In yet another attack on a major decentralized finance (DeFi) protocol, farming project Pickle Finance has been exploited today to the tune of $20 million. 

The attack transpired roughly two hours ago, and ETH-savvy Twitter users were quick to notice that pickle’s cDAI jar — Pickle’s term for a yield-bearing vault — had been emptied:

I think @picklefinance‘s cDAI jar just got attacked and drained. https://t.co/Lxwi2dWSSZ pic.twitter.com/nUBE1KjEPh

— mattyb (@mattybchats) November 21, 2020

Trending: Bulldog Trump Attorney To Raffensperger: “People Are Going To Prison In Georgia”

Unlike other recent attacks however, this particular exploit did not feature flashloans — an increasingly maligned DeFi tool that allows would-be exploiters additional liquidity with which to manipulate on-chain prices. Instead, this hacker swapped funds between a malicious copycat contract and the cDAI jar. 

In an interview with Cointelegraph, Emiliano Bonassi — a self-described whitehat hacker and the co-founder of DeFi Italy — explained that the attacker created “evil jars, ” smart contracts which “have the same interface of traditional jars but do bad things.”

Continue reading

You Might Like

Do NOT follow this link or you will be banned from the site!
Send this to a friend