Published May 2, 2024

How CCTP Security Became a Weak Link: Lessons from the Attack on Pike Finance


Web3 is now reaching into millions of people's everyday lives, bringing decentralization and easing many aspects of their existence. However, as with all new technologies, there is a dark side. The crypto sphere has become a target for malicious actors who spare no effort in finding vulnerabilities and who leave devastating financial losses behind.

In today's article, Coinmooner reports on another incident, which occurred on April 30 and involved the Pike Finance project. A cyberattack on Pike Finance resulted in the theft of $1.6 million in cryptocurrency, including 99,970 ARB, 64,126 OP, and 479.39 ETH. A vulnerability in the CCTP protocol allowed hackers to bypass security measures and access the system, stealing digital assets.

The Pike Finance project promises to refund the stolen funds and warns about potential fraud attempts related to this incident. The situation is all the more notable because the project team admitted that the attack happened due to insufficient security measures implemented in the contracts that manage transfers using the CCTP-lockup-lic protocol. This protocol is designed to secure USDC movement between different blockchains, simplifying the process and providing liquidity pooling. The service is provided by Circle, a well-known company in the crypto industry and the issuer of the USDC stablecoin.


Coinmooner decided to delve deeper into the details of the recent incident to illuminate the situation for our readers. Thanks to an official statement from Pike Finance, we'll now uncover some key aspects.

According to company representatives, the storage structure changed when new variables were introduced. However, too little attention was paid to the resulting change in the position of the initialized variable. As a result, other variables came to occupy the memory position reserved for the initialized one. This mismatch in memory allocation could have negatively impacted system performance.
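The kind of check that catches such a shift before deployment, as an added example that is not code from Pike Finance or Coinmooner: it compares the storage layout of two contract versions and reports every variable that no longer sits at its old slot and offset. The layouts are constructed samples in the shape of the `storage` array of the Solidity compiler's storage-layout output, and every variable name other than `initialized` is hypothetical.

```python
# Byte sizes per type: constructed stand-in for the compiler's "types" section.
SIZES = {"t_bool": 1, "t_address": 20, "t_uint256": 32}

def var(label, slot, offset, typ):
    return {"label": label, "slot": str(slot), "offset": offset, "type": typ}

# Constructed layout of the old contract version.
OLD = [var("initialized", 0, 0, "t_bool"), var("owner", 0, 1, "t_address"),
       var("totalDeposits", 1, 0, "t_uint256")]
# Unsafe change: a new variable is declared ahead of the existing ones.
SHIFTED = [var("messageNonce", 0, 0, "t_uint256"), var("initialized", 1, 0, "t_bool"),
           var("owner", 1, 1, "t_address"), var("totalDeposits", 2, 0, "t_uint256")]
# Safe change: the new variable is appended after the existing ones.
APPENDED = OLD + [var("messageNonce", 2, 0, "t_uint256")]

def place(entry):
    return (int(entry["slot"]), entry["offset"], entry["type"])

def occupant(layout, slot, offset):
    """Label of the variable whose bytes cover (slot, offset), if any."""
    for e in layout:
        start = e["offset"]
        if int(e["slot"]) == slot and start <= offset < start + SIZES[e["type"]]:
            return e["label"]
    return None

def check_layout_change(old, new):
    """List every old variable that the new layout moves, retypes or drops."""
    new_by_label = {e["label"]: e for e in new}
    findings = []
    for e in old:
        after = new_by_label.get(e["label"])
        if after is not None and place(after) == place(e):
            continue  # same slot, offset and type: stored data still reads correctly
        slot, offset = int(e["slot"]), e["offset"]
        findings.append({
            "variable": e["label"],
            "was": (slot, offset),
            "now": place(after)[:2] if after else None,  # None: variable removed
            "old_position_now_holds": occupant(new, slot, offset),
        })
    return findings

if __name__ == "__main__":
    for finding in check_layout_change(OLD, SHIFTED):
        print(finding)
    print("append-only findings:", check_layout_change(OLD, APPENDED))
```

An empty result means every existing variable kept its position, which is what an append-only change produces.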

Furthermore, security experts have raised the alarm, urging customers to remain vigilant. They warn that malicious actors might exploit this incident to spread false information about token refunds. The attackers' goal may be to spread disinformation and to acquire user data through phishing websites.

For our part, Coinmooner, in the interest of our readers' safety and awareness, promises to continue monitoring developments and providing all relevant information. We also emphasize verifying information sources to avoid encounters with scammers. It's crucial to conduct one's own analysis of the situation and avoid making hasty decisions. Special attention should also be given to using advanced protection methods in the Web3 sphere to reduce the risk of financial loss.
