Pike Finance, a platform designed to simplify borrowing and lending digital assets across different blockchains, fell victim to a series of attacks in April 2024. Pike Finance allowed users to interact with their crypto directly on their native blockchains, eliminating the need for a complex "wrapping" process. This innovative approach aimed to streamline DeFi experiences.
However, between April 26th and 30th, hackers exploited a critical vulnerability in Pike Finance's smart contract code. This vulnerability, known as an access control issue, allowed unauthorized access to user funds. The attack spanned three blockchains: Ethereum, Arbitrum, and Optimism, resulting in a total loss of over $1.98 million.
In a swift response to the hack, Pike Finance issued a statement, saying:
“On the 30th of April 2024, the Pike Beta protocol was exploited for 99,970.48 ARB, 64,126 OP and 479.39 ETH. This exploit is related to the initial USDC vulnerability that was reported last week on the 26th of April.”
Merkle Science’s Flow of Funds Analysis:
26th April:
30th April:
Arbitrum:
99,970.4804 ARB and 3,009.9025 DAI were received in the ARB Exploiter address and were swapped for 34 ETH. Out of this, 33 ETH was sent to the ETH Exploiter address using a cross-chain bridge.
Optimism:
64,126.668 OP tokens (hack proceeds) were swapped for 50.2556 ETH and were sent over to the ETH Exploiter address using a cross-chain bridge.
Ethereum:
The ETH Exploiter received 50.1662 ETH from the OP blockchain and 32.995 ETH from the Arbitrum blockchain, in addition to the 479.3938 ETH stolen on the Ethereum blockchain.
Of the total ETH received, 562 ETH was sent over to a DeFi relay protocol named RAILGUN.
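The hops described above can be cross-checked by treating each one as a ledger entry and reconciling inflow against outflow per address. This is an added example, not Merkle Science's tooling or data: it uses only the ETH amounts quoted in this article, every node name other than "ARB Exploiter" and "ETH Exploiter" is a hypothetical label, and it assumes the full 50.2556 ETH from Optimism was bridged.

```python
from collections import defaultdict
from decimal import Decimal as D

# Hops built from the ETH amounts quoted in the article; no real addresses or
# transaction hashes are used. "ARB Exploiter" and "ETH Exploiter" are the
# article's labels; every other node name is a hypothetical label.
# Tuple: (source, destination, ETH debited at source, ETH credited at destination)
HOPS = [
    ("arbitrum:swap", "ARB Exploiter", D("34"), D("34")),
    ("ARB Exploiter", "ETH Exploiter", D("33"), D("32.995")),        # bridge
    ("optimism:swap", "OP Exploiter", D("50.2556"), D("50.2556")),
    # Assumption: the whole Optimism swap output was bridged.
    ("OP Exploiter", "ETH Exploiter", D("50.2556"), D("50.1662")),   # bridge
    ("ethereum:theft", "ETH Exploiter", D("479.3938"), D("479.3938")),
    ("ETH Exploiter", "RAILGUN", D("562"), D("562")),
]
SINKS = {"RAILGUN"}  # tracing stops here, so no outflow is expected


def reconcile(hops, sinks=SINKS):
    """Return (per-address balances, per-hop transit losses) for a hop list."""
    inflow, outflow, losses = defaultdict(D), defaultdict(D), {}
    for src, dst, debited, credited in hops:
        if credited > debited:
            raise ValueError(f"{src} -> {dst}: credited more than was debited")
        outflow[src] += debited
        inflow[dst] += credited
        if credited < debited:
            losses[(src, dst)] = debited - credited  # bridge fee or slippage
    report = {}
    for addr, received in inflow.items():
        if addr in sinks:
            continue
        residual = received - outflow[addr]
        report[addr] = {
            "in": received,
            "out": outflow[addr],
            "residual": residual,          # value not accounted for by the hops
            "untraced": residual < 0,      # spent more than we saw arrive
        }
    return report, losses


if __name__ == "__main__":
    balances, transit = reconcile(HOPS)
    for addr, row in balances.items():
        print(addr, row["in"], row["out"], row["residual"], row["untraced"])
    for (src, dst), lost in transit.items():
        print(f"{src} -> {dst}: {lost} ETH lost in transit")
```

A non-zero residual is ETH the quoted hops do not account for at that address, such as an unmoved balance or gas spend; an `untraced` flag means an inbound transfer is missing from the hop list.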
What is the RAILGUN Relay?
RAILGUN is a smart contract system designed to provide Zero-Knowledge Privacy (ZK) for any on-chain DApp. In simpler terms, it allows users to engage with DeFi protocols without revealing their transaction details or account information.
How Does RAILGUN Work?
RAILGUN's magic lies in two key technologies:
Why do attackers use RAILGUN?