Popular decentralized finance (DeFi) protocol Pickle Finance was hacked on Saturday, draining $19.7 million in DAI, a decentralized stablecoin pegged to the U.S. dollar, from a Pickle wallet.
- “There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates,” the Pickle Finance team announced on their official Twitter account.
- The price of Pickle's native token (PICKLE) fell 50.12% to $10.17 on the news, according to Messari data. It has since rebounded to around $12.60.
Pickle came on the scene Sept. 11 as one of many food-themed DeFi projects. The fully automated system rewards users with interest payments and token disbursements in PICKLE, ether and stablecoin pairings for providing liquidity to several stablecoin pools.
- Pickle’s pJars, similar to yearn.finance’s vaults, found and executed arbitrage opportunities between stablecoin deposits on several protocols, nominally to push these stablecoins towards their peg, but also to reward Pickle users.
On Friday, the team introduced the cDAI jar, a “new strategy” aimed at maximizing returns from DAI deposited on the decentralized lending protocol Compound. The Pickle team, and a group of "white hat hackers" have traced the 19,759,355 DAI weekend exploit to this smart contract, according to a blog post.
- "This was a very complicated attack and involved many components of the Pickle protocol. As of right now, it does not seem that any other funds are at risk," they said. "While we work on the fix to remove the attack vector, the white hat group has decided that we should not publish any details of the actual attack yet."
- A fix was estimated by Sunday at 15:00 UTC.
“We’re encouraging all LPs to withdraw their funds from the Jars until the issues have been resolved,” the Pickle team tweeted.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.