Bitcoin Forum

A yield finance protocol Pickle Finance was hacked today for a significant amount.
Pickle finance representatives advised its users to withdraw their DAI balance from Pickle, until the situation gets resolved.
Nearly $20,000,000 DAI was stolen from a wallet belonging to Pickle Finance by an unknown hacker.


https://cryptonews.exchange/2020/11/22/defi-pickle-finance-hacked-with-20-million-stolen/ (https://cryptonews.exchange/2020/11/22/defi-pickle-finance-hacked-with-20-million-stolen/)

And people still use defi after all these hacks. Too many hacks for too small time

Why is it so happen? How we should know what coin to be kept in secured if even some good defi coins could be stolen by the hackers.

Anyway, I am more excited on bitcoin not because altcoins are not good but because bitcoin is bullish right now and close to break the ATH record of the year 2017. Anyway, there are good altcoins too in the market that are also keeping with bitcoin and visible like the XRP. This altcoin had done good just recently and that I hope other altcoins will do as well.

This hacks on DeFi projects will at least make many finally understand that decentralized isn't safe either cos many believe that DeFi projects are safer, what's the different between these decentralized projects and centralized projects? Decentralized should be safer and stronger but instead they are getting hacked easily, this is a big slap to all decentralized platforms as they can't even backed their own words.  

Some project was in so much hurry in picking up with the trend that they didn't put enough resource for their platform security. That is why we are seeing such an incident like this. We have faced a similar incident in the YAM token too when someone found a bug in their system the whole market collasp. A decentralized platform should be more secure than a centralized one.

Yeah , I don't think we should continue supporting that kind of investment if the project it self don't secure their investors and the money inside of it.this time we must learn because the amount of money lost in the defi project is already large due to the many hacks that have already taken place.

I spoke with the representatives of Pickle Finance in their telegram chat, and they were very defensive, even banned my account and deleted some posts.

I questioned if there will be some compensation on the loss of funds of people who were holding finance in Dai Jar, but their response at the moment was "we got our attention at the hack itself at the moment"

The most interesting part is that the project was audited for security with 2 companies -- MixBytes and HAECHI, doesn't it mean it's supposed to be secure from external attacks? Something's really fishy in this whole situation...

Being audited doesn't guarantee you a 100% free from external attacks, it will just give you the assurance that during that certain time, that smart contract is being audited with no error in their code and ready to use in their project. But the thing is, even a certain project is audited still it can be hack once it will receive some transactions internally and externally. and I don't know they audit company you've said as well, but then I believe in some defi projects as well, but we should learn how to choose which defi project we will use our money and spend our time.

It’s just like the ICO boom of a few years ago, too many scams for it to all be legit. Probably inside jobs all over the place, the big guys attracting all the little guys in & then pulling the plug & running off into the sunset with all the money.

I think it is about time that all new defi platforms should be forced to stop business somehow and then security and code audit should be done professionally to get rid of any loopholes only then they should  be allowed to resume business.

If this continues then i fear that DeFi projects could get under the radar of the regulators because after losing money the investors can complain to regulators and other investigative agencies which may pave way for kyc and verification stuff for defis as well.

Hacked or was a planned robbery? There is a big difference.

DeFi hacks are the new exchange hacks looks like.

I still don't understand why would anybody put any money on those platforms.

This might be the start of a dying project with DeFi just like the old trend with ICO, and who knows that this can be an inside job. We must learn from our experience since then so don’t over confident with your DeFi tokens right now and start selling while you still can, hackers and manipulators will continue to exist, so be ready always and secured your investments.

For me personally, it will be difficult to carry out such a painstaking analysis to make sure that there are no vulnerabilities at such a high level of a particular project in which I am going to invest. It is very difficult and perhaps this is another risk for every investor.

It happens so frequently. I wonder is it the same exploit used for various defi projects or what? It seems the hackers are now targetting all these defi projects one by one because it's kinda easy in their eyes and profitable to hack them.
These defi projects need to seriously take care of their security because at this point it's critical.
Except ICO doesn't usually have hacking incident this usual. I think it's because there's too much undiscovered exploit within these defi projects system.

No, neither of them admitted that this was the result of their audit. LOL

Mixbytes claims they did not audit the part of the contract that was the target of hacking, they only audit other contracts.
Source: https://twitter.com/MixBytes/status/1330413943148441602

HAECHI claims that the contract which is the target of the hack is a new contract that is not subject to the security audit.
Source: https://twitter.com/haechi_audit/status/1330347468802973698
I'm not a coder to ask questions: how the contract that triggers the hack can be said to be not subject to a security audit?

This would put Pickle even more into the corner.

This opens a whole new perspective on the situation.

So it means the Pickle Finance run a new contract (yesterday they tweeted about such update) which wasn't audited for security and putting the funds of contributors at risk.


From what i've heard it's a new exploit (not the same Flash Loan attack that used on DeFi previously)

Pickle Finance is going to publish an official announcement to reponse on the situation soon. I wonder what they'll come up with.

These defi based hacks and thefts should be thoroughly investigated by some competent and professional authority because it could well be that the team or employee gets greedy and steals big sum out because they are the insiders and have access to sensitive information and data for all others i do not think hacking a decentralized, custody free paltform is an easy task.

This hacker was really a headache in this type of business in crypto technology.  This is not a joke anyway, the amount that has been
stolen was definitely huge in usd$ price. The exchange must do something about this big issue problem, or if not for sure those holders
in the platform will sell all their assets and find a safest better exchange than this one in the end.

This constant hacking of Defi projects worries me. Who is going to pay for investors losses? This was how Axion was exploited during main-net migration, although they where able to bounce back after some community support. Can't we build something that seems unhackable which will give investors good confidence?