Popsicle Finance Suffers $25 Million Hack Attack


Popsicle Finance has suffered an approximately $25 million hack attack. The developers have called for the withdrawal of cryptocurrency from all pools.

August 4, 2021, | AtoZ MarketsPopsicle Finance, a service for profitable farming on multiple blockchains, lost $25 million in a hack attack. Security researcher Mudit Gupta drew attention to this.

The hack was difficult, but the bug was simple,” he wrote.

Gupta said that he had previously discovered a similar bug in another protocol, but in general, it has been used about a dozen times. The latest problems for DeFi users are related to the recent update of the Uniswap decentralized exchange, which gave liquidity providers the ability to customize parameters.

For example, to increase earnings, you can define a price range in which liquidity will be provided. As a result, liquidity providers are motivated to adjust the range as accurately as possible and are forced to make changes when the rate goes beyond it.

Popsicle Finance hacked, users suffer large losses

One of Popsicle Finance’s products, Sorbetto Fragola, helps solve this problem by placing assets in the most profitable pools for a small commission. In it, a bug was discovered, due to which users suffered large losses. One of them said that he “lost not everything, but six figures, and it is painful.” Another wrote that he lost 40% of his portfolio.

Basically, Popsicle does not transfer debt when a user moves their stakes. As a result, many attack vectors are opened, one of which was involved in this case. The new address can receive awards from day zero, and not from the moment the deposit is credited. This is exactly what the attacker did. This bug also allows you to continue to transfer shares and receive rewards from the same shares multiple times using different accounts,” writes Gupta.

Following the news of Popsicle Finance hack attack, its own token dropped by 30% at the time of writing. The developers urge users to withdraw liquidity from the ETH/AXS, ETH/SLP, ETH/LINK, and EURt pools.

Earlier in April, hackers exploited Uranium Finance and it was drained of more than $50 million. AtoZMarkets also reported PancakeBunny which suffered a major exploit that allowed a hacker to make off with more than $200 million worth of crypto assets.

Think we missed something? Let us know in the comment section below.

Share Your Opinion, Write a Comment