Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
On April 30th, the cross-chain lending protocol Pike Finance tweeted that its Pike Beta protocol had been attacked, resulting in losses of 99,970.48 ARB, 64,126 OP, and 479.39 ETH. The exploit was caused by weak security measures in Pike's contract functions when handling CCTP transfers. On April 26th, Pike Finance's USDC pool was hacked, resulting in losses of approximately $300,000. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 1,680,000.
- chain
- —
- protocol
- Pike Finance
- bug_class
- logic
- date_occurred
- 2024-04-30
- loss_usd
- $1,680,000
- source_id
- sm:pike-finance::2024-04-30