Popular decentralized finance (DeFi) protocol Pickle Finance was hacked on Saturday, draining $19.7 million in DAI, a decentralized stablecoin pegged to the U.S. dollar, from a Pickle wallet.
- “There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates,” the Pickle Finance team announced on their official Twitter account.
- The price of Pickle's native token (PICKLE) fell 50.12% to $10.17 on the news, according to Messari data. It has since rebounded to around $12.60.
Pickle came on the scene Sept. 11 as one of many food-themed DeFi projects. The fully automated system rewards users with interest payments and token disbursements in PICKLE, ether and stablecoin pairings for providing liquidity to several stablecoin pools.
- The project attempted to bring price stability to the four top stablecoins, DAI, USDC, USDT and sUSD, which are frequently knocked off their dollar peg.
- Pickle’s pJars, similar to yearn.finance’s vaults, found and executed arbitrage opportunities between stablecoin deposits on several protocols, nominally to push these stablecoins towards their peg, but also to reward Pickle users.
On Friday, the team introduced the cDAI jar, a “new strategy” aimed at maximizing returns from DAI deposited on the decentralized lending protocol Compound. The Pickle team, and a group of “white hat hackers” have traced the 19,759,355 DAI weekend exploit to this smart contract, according to a blog post.
- "This was a very complicated attack and involved many components of the Pickle protocol. As of right now, it does not seem that any other funds are at risk," they said. "While we work on the fix to remove the attack vector, the white hat group has decided that we should not publish any details of the actual attack yet."
- A fix was estimated by Sunday at 15:00 UTC.
“We’re encouraging all LPs to withdraw their funds from the Jars until the issues have been resolved,” the Pickle team tweeted.