{"id":32159,"date":"2020-11-22T10:39:47","date_gmt":"2020-11-22T08:39:47","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=32159"},"modified":"2025-08-28T07:17:23","modified_gmt":"2025-08-28T04:17:23","slug":"defi-project-pickle-finance-lost-nearly-20-million-in-hack","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/defi-project-pickle-finance-lost-nearly-20-million-in-hack\/","title":{"rendered":"DeFi project Pickle Finance lost nearly $20 million in hack"},"content":{"rendered":"<p>An attacker withdrew about $19.76 million from one of the Pickle Finance protocol&#8217;s smart contracts.<!--more--><\/p>\n<div id=\"attachment_117300\" style=\"width: 1234px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-117300\" class=\"wp-image-117300 size-full\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-2-2.png\" alt=\"DeFi-\u043f\u0440\u043e\u0435\u043a\u0442 Pickle Finance \u043f\u043e\u0442\u0435\u0440\u044f\u043b \u043f\u043e\u0447\u0442\u0438 $20 \u043c\u043b\u043d \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u0437\u043b\u043e\u043c\u0430\" width=\"1224\" height=\"304\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-2-2.png 1224w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-2-2-300x75.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-2-2-1024x254.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-2-2-768x191.png 768w\" sizes=\"auto, (max-width: 1224px) 100vw, 1224px\" \/><\/p>\n<p id=\"caption-attachment-117300\" class=\"wp-caption-text\">Source: Etherscan.<\/p>\n<\/div>\n<p>The project token fell about 57%\u2014from $22.75 to $9.72 at the time of writing (<a href=\"https:\/\/www.coingecko.com\/en\/coins\/pickle-finance\" target=\"_blank\" rel=\"noopener noreferrer\">CoinGecko<\/a>).<\/p>\n<div id=\"attachment_117301\" style=\"width: 802px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-117301\" class=\"wp-image-117301 size-full\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-2.png\" alt=\"DeFi-\u043f\u0440\u043e\u0435\u043a\u0442 Pickle Finance \u043f\u043e\u0442\u0435\u0440\u044f\u043b \u043f\u043e\u0447\u0442\u0438 $20 \u043c\u043b\u043d \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u0437\u043b\u043e\u043c\u0430\" width=\"792\" height=\"504\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-2.png 792w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-2-300x191.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-2-768x489.png 768w\" sizes=\"auto, (max-width: 792px) 100vw, 792px\" \/><\/p>\n<p id=\"caption-attachment-117301\" class=\"wp-caption-text\">Source: CoinGecko.<\/p>\n<\/div>\n<p>The Pickle Finance team said it is &#8220;actively investigating&#8221; the incident and urged users to withdraw funds from the Jar storages.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates.<\/p>\n<p>\u2014 Pickle Finance \ud83e\udd52 (@picklefinance) <a href=\"https:\/\/twitter.com\/picklefinance\/status\/1330242051468910596?ref_src=twsrc%5Etfw\">November 21, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Co-founder of DeFi Italy Emiliano Bonassi noted that the hacker did not use flash loans as in most similar attacks. The attacker created a malicious storage and, through fake swaps, drained about $20 million from deposits in the Compound DAI (cDAI) stablecoin.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">Evil jars deployed during the attack and passed in the swapExactJarForJar, investigating more on this<a href=\"https:\/\/t.co\/szRloiecV8\">https:\/\/t.co\/szRloiecV8<\/a><a href=\"https:\/\/t.co\/l2xT4zhQB1\">https:\/\/t.co\/l2xT4zhQB1<\/a><\/p>\n<p>The are sensible ops executed in that method (e.g. approve, withdraw etc). <a href=\"https:\/\/t.co\/29RNkF4vJb\">pic.twitter.com\/29RNkF4vJb<\/a><\/p>\n<p>\u2014 Emiliano Bonassi | emiliano.eth (@emilianobonassi) <a href=\"https:\/\/twitter.com\/emilianobonassi\/status\/1330239233538318339?ref_src=twsrc%5Etfw\">November 21, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Bonassi, the hack was extremely sophisticated and well-orchestrated.<\/p>\n<p>Earlier the hacker <a href=\"https:\/\/u1f987.com\/en\/news\/value-defi-project-loses-6-million-in-flash-loan-attack\">withdrew<\/a> from the Value DeFi project about $6 million in DAI and USDC stablecoins, using flash loans.<\/p>\n<p>Follow ForkLog News on Telegram: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog Feed<\/a> \u2014 the full news feed, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An attacker withdrew about $19.76 million from one of the Pickle Finance protocol&#8217;s smart contracts.<\/p>\n","protected":false},"author":1,"featured_media":32160,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-32159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"35","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/32159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=32159"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/32159\/revisions"}],"predecessor-version":[{"id":32161,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/32159\/revisions\/32161"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/32160"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=32159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=32159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=32159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}