DeFi Protocol Pickle Finance Token Loses Almost Half Its Value After $19.7M Hack

Popular decentralized finance protocol Pickle Finance was hacked on Saturday, draining $19.7 million in DAI.

AccessTimeIconNov 22, 2020 at 4:28 p.m. UTC
Updated Sep 14, 2021 at 10:33 a.m. UTC

Popular decentralized finance (DeFi) protocol Pickle Finance was hacked on Saturday, draining $19.7 million in DAI, a decentralized stablecoin pegged to the U.S. dollar, from a Pickle wallet.

  • “There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates,” the Pickle Finance team announced on their official Twitter account.
  • The price of Pickle's native token (PICKLE) fell 50.12% to $10.17 on the news, according to Messari data. It has since rebounded to around $12.60.  

Pickle came on the scene Sept. 11 as one of many food-themed DeFi projects. The fully automated system rewards users with interest payments and token disbursements in PICKLE, ether and stablecoin pairings for providing liquidity to several stablecoin pools. 

  • The project attempted to bring price stability to the four top stablecoins, DAI, USDC, USDT and sUSD, which are frequently knocked off their dollar peg. 
  • Pickle’s pJars, similar to’s vaults, found and executed arbitrage opportunities between stablecoin deposits on several protocols, nominally to push these stablecoins towards their peg, but also to reward Pickle users.

On Friday, the team introduced the cDAI jar, a “new strategy” aimed at maximizing returns from DAI deposited on the decentralized lending protocol Compound. The Pickle team, and a group of "white hat hackers" have traced the 19,759,355 DAI weekend exploit to this smart contract, according to a blog post.

  • "This was a very complicated attack and involved many components of the Pickle protocol. As of right now, it does not seem that any other funds are at risk," they said. "While we work on the fix to remove the attack vector, the white hat group has decided that we should not publish any details of the actual attack yet."
  • A fix was estimated by Sunday at 15:00 UTC.

“We’re encouraging all LPs to withdraw their funds from the Jars until the issues have been resolved,” the Pickle team tweeted.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Read more about