Hacking Alert: Popsicle Finance ($ICE) Suffers $25 Million Exploit, Price Falls by 50%
Popsicle Finance ($ICE), a multichain yield optimization platform for liquidity providers has become the latest Defi protocol to face a major exploit on its network. The hackers managed to drain a whopping $25 million by exploiting a bug in the reward debt mechanism.
Mudit Gupta, a known bug bounty hunter explained that the protocol doesn’t transfer reward debt when users send their share of tokens. The network updates `token0PerSharePaid` and `token1PerSharePaid` against depositors to keep track of the deposited tokens. This way the protocol payout users from the date they entered rather than from the first day. However, the bug here is that these variables are not updated as soon as the user deposits tokens into the system.
This way a user can claim rewards for the same share from multiple accounts as it is not registered on the network. This was what the explorers did with the Popsicle finance and managed to get away with $25 million worth of tokens.
Gupta highlighted that the bug is not new and has been exploited a dozen times on other protocols as well. He himself had reported the same bug in June.
In June, I reported the same bug in WildCredit. This bug has been exploited in like a dozen other protocols already. Auditors and Smart contract devs need to keep up with the ecosystem. This code should not have made it to production.
Popsicle Finance acknowledged the hack on its network but assured that only the Fragola contract was breached and rest all contracts are completely secure. They also advised traders to remove any funds from ETH/AXS, ETH/SLP, ETH/LINK, or any EURt Pool immediately.
1/
We are aware of the current exploit to Fragola. We will investigate and publish post mortem.
The other Popsicle Finance's contracts have not been exploited.
If you still have funds in the ETH/AXS, ETH/SLP, ETH/LINK or any EURt Pool please remove them immediately.
— Popsicle Finance (@PopsicleFinance) August 4, 2021
$ICE Price Nose Dive by 50%
The exploit had an immediate impact on the price of the native token called ICE which fell by 50%. The price of the ICE token nose-dived from a daily high of $2.31 to a daily of $0.931 before recovering up to $1.15.
The popularity of defi and the launch of new projects with instant success has made it one of the biggest attractions for exploiters. Only last month Polygon-based Safedollar was exploited as well that saw its price crash to zero.
- IBIT Bitcoin ETF Becomes BlackRock’s Most Profitable Fund, Nears $100B Milestone
- Bitcoin Tops $126,000 as Market Prices In Three-Week U.S. Government Shutdown
- Paul Tudor Jones Predicts Explosive Bull Market Amid Bitcoin’s ‘Uptober’ Rally
- Robinhood Outage Reported by Users, HOOD Stock Drops
- Tom Lee’s BitMine Adds $820M Worth of Ethereum as ETH Rebounds
- Solana Price Eyes 56% Rebound Amid Solana Company’s Massive $530M SOL Acquisition
- Ethereum’s Price Bullish Cycle Resumes as Grayscale Launches Spot Staking ETPs – Is $7,331 Next?
- Pi Network Price Risky Pattern Points to Crash as 14M Coins Leave OKX
- Bitcoin Price Prediction as Exchange Reserves Hit 6-Year Low—Is $150K Within Reach?
- Dogecoin Price Rebounds 15% From Buy Zone as Whales Add 30M DOGE – Can Bulls Push Beyond $0.30?
- FLOKI Price Prediction as ETP Listing Drives Adoption—Is a 160% Rally Ahead?
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights Read more…to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
