Recap of where we're at with Pickle:
— Nick Chong (@n2ckchong) November 21, 2020
Two hours ago, a suspicious transaction was seen involving Pickle's new pDAI jar.
$20m worth of DAI was withdrawn to an EOA, which funded the attack with 10 ETH from Tornado (mixer).
No flash loan was involved as first believed. pic.twitter.com/pm3QZOV6nc
However, I always admire the genius behind these attacks. It is paradoxical, but every "attack" just makes the crypto and DeFi space more robust in the long run.
The exploit appears to stem from a bug in Pickle’s Swap Jar functionality, which allows yield farming strategies to be swapped. Apparently there was no check to ensure that the Jar the funds were being swapped into was not malicious.
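The missing check described above, sketched as an added example that is not Pickle's code: a swap entry point that trusts caller-supplied jar addresses, next to a version that requires both jars to be on a governance-managed allowlist. The contract, interface and function names are hypothetical, and both jars are assumed to share the same underlying token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical minimal interfaces for this example; not Pickle's actual ABI.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
interface IJar is IERC20 {
    function token() external view returns (address);
    function deposit(uint256 amount) external;
    function withdraw(uint256 shares) external;
}

contract JarSwapper {
    address public immutable governance;
    mapping(address => bool) public approvedJars; // allowlist of vetted jars

    constructor() { governance = msg.sender; }

    function setJarApproval(address jar, bool approved) external {
        require(msg.sender == governance, "!governance");
        approvedJars[jar] = approved;
    }

    // Weak form: jar addresses come from the caller and are never validated,
    // so the contract makes external calls into arbitrary code with its own authority.
    function swapUnchecked(address fromJar, address toJar, uint256 shares) external {
        _swap(IJar(fromJar), IJar(toJar), shares);
    }

    // Hardened form: both jars must be on the governance-managed allowlist.
    function swapChecked(address fromJar, address toJar, uint256 shares) external {
        require(approvedJars[fromJar], "!approved fromJar");
        require(approvedJars[toJar], "!approved toJar");
        _swap(IJar(fromJar), IJar(toJar), shares);
    }

    // Assumption: fromJar and toJar wrap the same underlying token.
    function _swap(IJar fromJar, IJar toJar, uint256 shares) private {
        require(fromJar.transferFrom(msg.sender, address(this), shares), "pull failed");
        IERC20 underlying = IERC20(fromJar.token());
        uint256 beforeBal = underlying.balanceOf(address(this));
        fromJar.withdraw(shares);
        uint256 received = underlying.balanceOf(address(this)) - beforeBal;
        require(underlying.approve(address(toJar), received), "approve failed");
        toJar.deposit(received);
        require(toJar.transfer(msg.sender, toJar.balanceOf(address(this))), "payout failed");
    }
}
```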
This resulted in the removal of $20m from the contract. It is currently unclear what the attacker will do with the funds, though some have attempted to contact the attacker to try to get their money back.
"Damn. Congrats for those 19M. You just got your life resolved! Mine isn't though :/ If you feel like donating a bit to me feel free to do it. Thanks bro."
"I lost 100,000$ in your attack. I am a nurse. These are all my savings. I hope you can return it to me. Everyone will get sick. Think of the nurses who care for you when you are sick. I wish you always healthy and enjoy the happiness of the world. GOD BLESS YOU."
"Hello. I worked very hard for almost 2 years to buy 30 ETH this year. I recently used Pickle because I thought DEFI was the best way to make money fast. To be honest, I grew to 80 ETH."
"Bro, my life savings of 60,000 US dollars are all in Pickle finance, can you pay me back, thank you very much!!"
This is the latest in many recent DeFi exploits. Previous attacks included those on Harvest Finance, Value DeFi, Akropolis’ Delphi yield farming pool, and a number of others.