Nearly $20 million stolen from the DeFi protocol Pickle Finance

• Pickle Finance loses #20 million in stablecoin DAI.
• The token of the project loses over 50% of its value.

Another liquidity mining project fell victim to the hack attack and lost about $20 million of users’ funds in DAI tokens. The attacker exploited the vulnerability of Pickle Finance smart contract called DAI PickleJar using fake swaps.

Notably, the hacker chose to avoid a flash loan scheme used in most similar incidents recently. Instead, they deployed a malicious jar and passed in fake swaps.

Emiliano Bonassi, a founder of  DeFi Italy and a white hacker, explained in the recent tweet:

Evil jars deployed during the attack and passed in the swapExactJarForJar. In addition, in the second invocation for swapExactJarForJar, there were passed a target and doing a delegate call to CurveProxyPool.

He also added that the attacker used a really elaborate scheme.

The team of the project confirmed the exploit and said that 19,759,355 DAI were drained. They also added that the attacker used a very complicated scheme involving many components from the Pickle protocol. Currently, the team is working on the solution together with a group of white hackers.

While we work on the fix to remove the attack vector, the white hat group has decided that we should not publish any details of the actual attack yet. Although we have taken steps to mitigate further attacks, we do not want to tempt fate in the meantime.

The token of the project (PICKLE) lost over 50% of its value after the hack attack. The price tested the low of $8.84 before recovering to $12 by the time of writing.  The project takes 2333 place in the global cryptocurrency market rating, while its total capitalization remains unknown.

Pickle allows users to earn PICKLE tokens in exchange for liquidity in four stablecoin pools: DAI/ETH USDC/ETH USDT/ETH sUSD/ETH.