Pike Finance 遭遇第二次攻擊，數位資產損失 168 萬美元

Pike Finance 成為三天內第二次攻擊的受害者，導致以太坊、Arbitrum 和 Optimism 鏈上價值 168 萬美元的數位資產被盜。攻擊者利用Pike Finance 智能合約中的漏洞，允許他們更改合約的輸出地址並消耗價值超過140 萬美元的以太幣(ETH)、價值超過15 萬美元的Optimism (OP) 代幣以及價值超過10 萬美元的Arbitrum (ARB) ) 令牌。

Pike Finance Suffers Second Exploit in Three Days, Losing $1.68 Million

Pike Finance三天內第二次遭受攻擊，損失168萬美元

Pike Finance, a decentralized finance (DeFi) lending protocol, has fallen victim to a second exploit in less than a week, resulting in the loss of $1.68 million worth of digital assets. Following a $300,000 exploit on April 26, the latest attack targeted Pike Finance's Ethereum, Arbitrum, and Optimism chains on April 30.

去中心化金融 (DeFi) 借貸協議 Pike Finance 在不到一周的時間內遭受了第二次攻擊，導致價值 168 萬美元的數位資產損失。繼 4 月 26 日發生價值 30 萬美元的攻擊後，最新的攻擊於 4 月 30 日針對 Pike Finance 的以太坊、Arbitrum 和 Optimism 鏈。

According to a report from on-chain analytics firm CertiK, the attacker exploited a vulnerability in Pike Finance's smart contract to alter the output address, draining the contract of over $1.4 million worth of Ether (ETH), $150,000 worth of Optimism (OP) tokens, and over $100,000 worth of Arbitrum (ARB) tokens.

根據鏈上分析公司 CertiK 的報告，攻擊者利用 Pike Finance 智能合約中的漏洞更改輸出地址，耗盡合約價值超過 140 萬美元的以太幣 (ETH)、價值 15 萬美元的 Optimism (OP) 代幣，以及價值超過10 萬美元的Arbitrum (ARB) 代幣。

The same smart contract vulnerability was responsible for both attacks, allowing the attacker to bypass admin access and withdraw funds. Pike Finance has attributed the vulnerability to a misalignment in the contract's initialization process, rendering it susceptible to unauthorized upgrades and fund withdrawals.

這兩次攻擊都是由同一個智慧合約漏洞造成的，攻擊者可以繞過管理員存取權並提取資金。 Pike Finance 將此漏洞歸因於合約初始化過程中的錯位，導致其容易受到未經授權的升級和資金提取的影響。

In response to the exploit, Pike Finance has offered a 20% reward for the return of the stolen funds or information leading to their recovery. The protocol is currently investigating the incident and implementing measures to prevent future attacks.

為了應對這一漏洞，Pike Finance 提供了 20% 的獎勵，要求歸還被盜資金或導致追回的資訊。該協議目前正在調查該事件並採取措施防止未來的攻擊。

Crypto Hacks Hit Record Low in April

四月加密貨幣駭客數量創歷史新低

Despite the Pike Finance exploits, cryptocurrency hacks and scams reached a three-year low in April, according to a separate report from CertiK. The total losses amounted to $25.7 million, representing a significant decline from the previous month's $62.8 million and the lowest monthly total since 2021.

根據 CertiK 的另一份報告，儘管存在 Pike Finance 漏洞，但 4 月加密貨幣駭客和詐騙數量仍達到三年來的最低點。總損失達 2,570 萬美元，較上月的 6,280 萬美元大幅下降，為 2021 年以來的最低月損失總額。

The drop in crypto attacks is primarily attributed to a decrease in private key compromises. In March, 11 attacks against protocols involved compromised private keys, while April saw only three such incidents. However, the report emphasizes that crypto attacks remain a pervasive industry issue, with over $502 million stolen in the first quarter of 2024.

加密攻擊的下降主要歸因於私鑰外洩的減少。 3 月份，有 11 起針對協議的攻擊涉及私鑰洩露，而 4 月只有 3 起此類事件。然而，報告強調，加密攻擊仍然是一個普遍存在的行業問題，2024 年第一季就有超過 5.02 億美元被盜。

Surging Hacks Underscore Growing DeFi Risks

駭客攻擊激增凸顯 DeFi 風險日益增加

While April's low monthly hack total provides some respite, the overall trend of increasing crypto attacks is concerning. In the first quarter of 2024, hacks and exploits accounted for a staggering $502 million worth of stolen digital assets, a 54% increase from the same period last year.

雖然 4 月份較低的月度駭客總數提供了一些喘息的機會，但加密貨幣攻擊增加的總體趨勢令人擔憂。 2024 年第一季度，駭客和漏洞導致的被盜數位資產價值高達 5.02 億美元，比去年同期成長 54%。

As the DeFi ecosystem continues to grow and attract more funds, it becomes an increasingly attractive target for malicious actors. The vulnerabilities in smart contracts, as evidenced by the Pike Finance exploits, highlight the need for robust security measures and ongoing monitoring to mitigate these risks.

隨著 DeFi 生態系統不斷發展並吸引更多資金，它成為惡意行為者越來越有吸引力的目標。 Pike Finance 漏洞所證明的智慧合約中的漏洞凸顯了採取強有力的安全措施和持續監控來減輕這些風險的必要性。

Governments and regulatory agencies are taking notice of the rising tide of crypto hacks and are exploring measures to protect investors. The US Securities and Exchange Commission (SEC) recently charged a New York-based company with allegedly defrauding investors of $50 million in a crypto Ponzi scheme.

各國政府和監管機構正在註意到加密貨幣駭客攻擊的興起，並正在探索保護投資者的措施。美國證券交易委員會 (SEC) 最近指控一家總部位於紐約的公司涉嫌透過加密貨幣龐氏騙局詐騙投資者 5000 萬美元。

Industry experts believe that increased regulation and collaboration between law enforcement and blockchain analysis firms can help combat crypto crime and protect the integrity of the DeFi ecosystem. As the industry evolves, it is imperative that protocols implement robust security measures, investors exercise due diligence, and regulators establish clear and enforceable guidelines to foster a secure and trustworthy environment for decentralized finance.

產業專家認為，執法部門和區塊鏈分析公司之間加強監管和合作有助於打擊加密貨幣犯罪並保護 DeFi 生態系統的完整性。隨著產業的發展，協議必須實施強有力的安全措施，投資者必須進行盡職調查，監管機構必須制定明確且可執行的指導方針，以便為去中心化金融營造一個安全且值得信賴的環境。