Popular DeFi yield aggregator Pickle Finance was hacked Saturday for 19.7 million DAI. The unaudited DeFi protocol had gained much popularity among DeFi investors for its innovative earning strategies. 

Pickle Finance Shaken by Exploit   

The DeFi protocol Pickle Finance earns from arbitrage trading stablecoins between various platforms. The design is similar to yEarn’s vaults, which requires liquidity providers (LPs) to deposit their stablecoins in so-called “PickleJars.”  

The hackers attacked the pDAI PickleJar linked to Compound in what has been described as a “complicated attack” by Pickle developers. 

Reportedly, it took the developing team three hours to identify the source of the attack. The disputed part of the code was revoked on Nov. 22, removing the critical piece of future exploits. 

Was in a 5h long late-night/early-morning war ⚔️ room where reverse engineering took place last night with @bantg @emilianobonassi @bneiluj @samczsun and the @picklefinance team

One of the most intricate hacks till now in the ecosystem 🤯

Diagram showing the series of events👇 pic.twitter.com/rh0Dd9kd5x

— vasa (@vasa_develop) November 22, 2020

After the hack, the PICKLE token price dropped 62.3%, from $23 to lows of $8.7. It bounced back to $12.5 after implementing a fix but continues to trade below September and October lows of $15.  

The total value locked (TVL) in the protocol at press time is $26.3 million. 

They have resumed deposits to other jars in the latest update but have implored users to “refrain from depositing in the DAI Jar for now.“ 

The detailed postmortem revealed further vulnerabilities, which the team expects to fix “in the coming days and weeks.”