Pike Finance exploited for $1.6M in second incident in 3 days


Pike Finance has been exploited, resulting in the loss of $1.68 million worth of digital assets. The incident marks the protocol's second exploit in three days.

Decentralized finance (DeFi) lending protocol Pike Finance suffered a $1.68 million exploit across the Ethereum, Arbitrum and Optimism chains on April 30, according to a report from on-chain analytics firm CertiK.

The attacker used a vulnerability in Pike Finance's smart contract to change the output address, draining the contract of over $1.4 million worth of Ether, $150,000 worth of Optimism (OP) tokens and over $100,000 worth of Arbitrum (ARB) tokens, according to CertiK.

Pike also suffered a $300,000 exploit on April 26.

The two attacks stemmed from the same smart contract vulnerability, which allowed the attacker to override the contract, according to a May 1 X post by Pike Finance: "This misalignment caused the contract to behave as if it was uninitialized since the *initialized* variable could no longer be accessed. As a result, attackers were then able to upgrade the spoke contracts, bypassing admin access, and as a result, withdraw funds."
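A pre-deployment check for this class of bug, as an added example that is not Pike Finance's code: it assumes the "misalignment" is a storage-layout shift between two implementation versions behind an upgradeable proxy, which the quoted post does not spell out. Every name except `initialized` is hypothetical, and the packing model covers only a few fixed-size Solidity types.

```python
# Added example: simplified Solidity storage packing (sizes in bytes per 32-byte slot).
SIZES = {"bool": 1, "address": 20, "uint256": 32, "mapping": 32}

def layout(decls):
    """Assign (slot, offset, size) to each (name, type) in declaration order."""
    out, slot, off = {}, 0, 0
    for name, typ in decls:
        size = SIZES[typ]
        if off + size > 32:          # does not fit in the current slot: start a new one
            slot, off = slot + 1, 0
        out[name] = (slot, off, size)
        off += size
    return out

def write(storage, lay, name, value):
    """Store value at the variable's position in raw proxy storage (slot -> int)."""
    slot, off, size = lay[name]
    mask = ((1 << (8 * size)) - 1) << (8 * off)
    storage[slot] = (storage.get(slot, 0) & ~mask) | ((value << (8 * off)) & mask)

def read(storage, lay, name):
    """Read the variable the way code compiled with layout `lay` would."""
    slot, off, size = lay[name]
    return (storage.get(slot, 0) >> (8 * off)) & ((1 << (8 * size)) - 1)

def moved(old, new):
    """Variables whose (slot, offset) differs between two layouts: upgrade blockers."""
    return {n: (old[n][:2], new[n][:2])
            for n in old if n in new and old[n][:2] != new[n][:2]}

# Hypothetical declarations; v2 prepends one variable from a newly added dependency.
V1 = [("owner", "address"), ("initialized", "bool"), ("balances", "mapping")]
V2 = [("pauseGuardian", "address")] + V1
OWNER = 0xA11CE  # constructed sample value

def demo():
    old, new = layout(V1), layout(V2)
    storage = {}                        # the proxy's storage, written by v1 code
    write(storage, old, "owner", OWNER)
    write(storage, old, "initialized", 1)
    return {
        "v1_initialized": read(storage, old, "initialized"),
        "v2_initialized": read(storage, new, "initialized"),  # reads an empty slot
        "v2_owner": read(storage, new, "owner"),              # admin check reads zero too
        "moved": moved(old, new),
    }

if __name__ == "__main__":
    print(demo())
```

Any non-empty `moved` result means the new implementation reads existing state from the wrong place, so an initializer guarded by `initialized` becomes callable again; a CI gate can fail the upgrade on that condition.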

Pike Finance is offering a 20% reward for the return of the funds or information leading to the recovery of the funds. The protocol will continue investigating the exploit.
