Pike Finance offered hackers a reward of 20% of assets ($320,000) for the return of stolen funds. The same reward is offered for information, thanks to which the project will be able to return the stolen crypto assets.
The exploit was discovered on April 30th. The Pike Finance team explained that insufficient security measures implemented in contracts during the transfer management process using the Cross-Chain Transfer Protocol (CCTP) led to the exploit. This service is offered by Circle, the company that produces the USDC stablecoin, noted Pike Finance.
"New variables were introduced that changed the structure of the repository, in particular, the position of the initialized variable. As a result, the position occupied by the initialized variable was occupied by other variables, which led to a mismatch in memory allocation," the Pike Finance team tried to explain on its page on the social network X.
The attackers managed to update peripheral contracts, then bypass administrator access and steal crypto assets. The Pike Finance team assured that they will develop a plan for a full refund to users of all funds. Security experts have also warned customers to remain vigilant. Fraudsters can take advantage of the incident to publish false information about the return of tokens in order to take over user data through phishing sites.
Over the past year, losses of cryptocurrency companies amounted to $2.61 billion, which is 27% less than in 2022, according to PeckShield figures. In February, hackers were able to commit a major hack — they attacked the PlayDapp gaming platform and withdrew assets worth $31 million.