In a troubling turn of events for Pike Finance, the platform has fallen victim to a second cyber attack within a mere four-day span, resulting in cumulative losses nearing $1.9 million.
Following the initial breach on April 26, which prompted an immediate suspension of the protocol, Pike Finance found itself targeted once again between 21:45 and 22:20 (UTC) on April 30. The pause, intended as a precautionary measure, inadvertently introduced a new vulnerability that was swiftly exploited by malicious actors.
Upon detection, crypto security firm Ancilia swiftly flagged three suspicious transactions spanning the Optimism, Arbitrum, and Ethereum networks. Investigations revealed that the attacker successfully ‘upgraded’ Pike Finance contracts, granting them unauthorized access to withdraw funds held within.
Subsequently, the stolen assets, totaling approximately $1.9 million, were converted to ETH and funneled into the privacy-centric Railgun protocol.
Acknowledgment of the breach came via X (formerly Twitter), where Pike Finance disclosed losses amounting to around 64k OP ($150,000), 100k ARB ($105,000), and 480 ETH ($1.4 million). The statement affirmed the connection to the prior incident and pledged a 20% bounty for the return of the pilfered funds, alongside a commitment to devising a restitution plan for affected users.
This double whammy has naturally left Pike Finance’s community reeling, with sentiments of frustration and disillusionment permeating discussions on the platform’s Discord channel. Some voices within the community have proposed refunding pre-sale investments as a gesture of goodwill, though this suggestion has inadvertently provided fertile ground for phishing scams masquerading as official Pike Finance communications.
As Pike Finance scrambles to shore up its defenses and make amends with its user base, the broader cryptocurrency community remains on high alert, underscoring the pressing need for robust security measures in decentralized finance.