Pike Finance 遭遇第二次攻击，数字资产损失 168 万美元

Pike Finance 成为三天内第二次攻击的受害者，导致以太坊、Arbitrum 和 Optimism 链上价值 168 万美元的数字资产被盗。攻击者利用 Pike Finance 智能合约中的漏洞，允许他们更改合约的输出地址并消耗价值超过 140 万美元的以太币 (ETH)、价值超过 15 万美元的 Optimism (OP) 代币以及价值超过 10 万美元的 Arbitrum (ARB) ) 令牌。

Pike Finance Suffers Second Exploit in Three Days, Losing $1.68 Million

Pike Finance三天内第二次遭受攻击，损失168万美元

Pike Finance, a decentralized finance (DeFi) lending protocol, has fallen victim to a second exploit in less than a week, resulting in the loss of $1.68 million worth of digital assets. Following a $300,000 exploit on April 26, the latest attack targeted Pike Finance's Ethereum, Arbitrum, and Optimism chains on April 30.

去中心化金融 (DeFi) 借贷协议 Pike Finance 在不到一周的时间里遭受了第二次攻击，导致价值 168 万美元的数字资产损失。继 4 月 26 日发生价值 30 万美元的攻击后，最新的攻击于 4 月 30 日针对 Pike Finance 的以太坊、Arbitrum 和 Optimism 链。

According to a report from on-chain analytics firm CertiK, the attacker exploited a vulnerability in Pike Finance's smart contract to alter the output address, draining the contract of over $1.4 million worth of Ether (ETH), $150,000 worth of Optimism (OP) tokens, and over $100,000 worth of Arbitrum (ARB) tokens.

根据链上分析公司 CertiK 的报告，攻击者利用 Pike Finance 智能合约中的漏洞更改输出地址，耗尽合约价值超过 140 万美元的以太币 (ETH)、价值 15 万美元的 Optimism (OP) 代币，以及价值超过 100,000 美元的 Arbitrum (ARB) 代币。

The same smart contract vulnerability was responsible for both attacks, allowing the attacker to bypass admin access and withdraw funds. Pike Finance has attributed the vulnerability to a misalignment in the contract's initialization process, rendering it susceptible to unauthorized upgrades and fund withdrawals.

这两次攻击都是由同一个智能合约漏洞造成的，攻击者可以绕过管理员访问权限并提取资金。 Pike Finance 将该漏洞归因于合约初始化过程中的错位，导致其容易受到未经授权的升级和资金提取的影响。

In response to the exploit, Pike Finance has offered a 20% reward for the return of the stolen funds or information leading to their recovery. The protocol is currently investigating the incident and implementing measures to prevent future attacks.

为了应对这一漏洞，Pike Finance 提供了 20% 的奖励，要求归还被盗资金或导致追回的信息。该协议目前正在调查该事件并采取措施防止未来的攻击。

Crypto Hacks Hit Record Low in April

四月份加密货币黑客数量创历史新低

Despite the Pike Finance exploits, cryptocurrency hacks and scams reached a three-year low in April, according to a separate report from CertiK. The total losses amounted to $25.7 million, representing a significant decline from the previous month's $62.8 million and the lowest monthly total since 2021.

根据 CertiK 的另一份报告，尽管存在 Pike Finance 漏洞，但 4 月份加密货币黑客和诈骗数量仍达到三年来的最低点。总损失达 2570 万美元，较上月的 6280 万美元大幅下降，为 2021 年以来的最低月度损失总额。

The drop in crypto attacks is primarily attributed to a decrease in private key compromises. In March, 11 attacks against protocols involved compromised private keys, while April saw only three such incidents. However, the report emphasizes that crypto attacks remain a pervasive industry issue, with over $502 million stolen in the first quarter of 2024.

加密攻击的下降主要归因于私钥泄露的减少。 3 月份，有 11 起针对协议的攻击涉及私钥泄露，而 4 月份只有 3 起此类事件。然而，报告强调，加密攻击仍然是一个普遍存在的行业问题，2024 年第一季度就有超过 5.02 亿美元被盗。

Surging Hacks Underscore Growing DeFi Risks

黑客攻击激增凸显 DeFi 风险日益增加

While April's low monthly hack total provides some respite, the overall trend of increasing crypto attacks is concerning. In the first quarter of 2024, hacks and exploits accounted for a staggering $502 million worth of stolen digital assets, a 54% increase from the same period last year.

虽然 4 月份较低的月度黑客总数提供了一些喘息的机会，但加密货币攻击增加的总体趋势令人担忧。 2024 年第一季度，黑客和漏洞导致的被盗数字资产价值高达 5.02 亿美元，比去年同期增长 54%。

As the DeFi ecosystem continues to grow and attract more funds, it becomes an increasingly attractive target for malicious actors. The vulnerabilities in smart contracts, as evidenced by the Pike Finance exploits, highlight the need for robust security measures and ongoing monitoring to mitigate these risks.

随着 DeFi 生态系统不断发展并吸引更多资金，它成为恶意行为者越来越有吸引力的目标。 Pike Finance 漏洞所证明的智能合约中的漏洞凸显了采取强有力的安全措施和持续监控来减轻这些风险的必要性。

Governments and regulatory agencies are taking notice of the rising tide of crypto hacks and are exploring measures to protect investors. The US Securities and Exchange Commission (SEC) recently charged a New York-based company with allegedly defrauding investors of $50 million in a crypto Ponzi scheme.

各国政府和监管机构正在注意到加密货币黑客攻击的兴起，并正在探索保护投资者的措施。美国证券交易委员会 (SEC) 最近指控一家总部位于纽约的公司涉嫌通过加密货币庞氏骗局诈骗投资者 5000 万美元。

Industry experts believe that increased regulation and collaboration between law enforcement and blockchain analysis firms can help combat crypto crime and protect the integrity of the DeFi ecosystem. As the industry evolves, it is imperative that protocols implement robust security measures, investors exercise due diligence, and regulators establish clear and enforceable guidelines to foster a secure and trustworthy environment for decentralized finance.

行业专家认为，执法部门和区块链分析公司之间加强监管和合作有助于打击加密货币犯罪并保护 DeFi 生态系统的完整性。随着行业的发展，协议必须实施强有力的安全措施，投资者必须进行尽职调查，监管机构必须制定明确且可执行的指导方针，以便为去中心化金融营造一个安全且值得信赖的环境。