Analysis of the Popsicle Finance Hack
Yesterday at 10:53 pm (UTC), a major hacking incident occurred in Popsicle Finance’s Sorbetto Fragola pool. The hackers drained nearly 85% of this pool. Other components, such as the ICE farming contracts, the ICE token contracts, and Nice Staking, were not affected by this incident.
A total of $20.7 million worth of funds was lost in the incident. Popsicle Finance has completed a post-mortem of this event. The hacker was able to manipulate the Sorbetto Fragola transactions that send the contract information about when and how much each user had deposited. As a result, the hacker was able to convince the Sorbetto pool that he had paid as much in fees as the total TVL of the pool, and was thus able to take the whole $20.7 million from the pool.
According to Popsicle Finance, the entire process was completed in a single transaction with the help of a flash loan. The hacker immediately converted all the coins to Ethereum through Uniswap and then set about laundering them through Tornado.Cash.
In response, Popsicle Finance has made an open offer to pay the hacker $1,000,000 in their preferred currency as long as they return the stolen funds. While Popsicle Finance works to clean up its security issues, deposits to all pools have been blocked, and withdrawals are allowed from only a few specific pools.
Popsicle Finance has also announced that most of its team members were larger investors in the Fragola pools and have been badly affected by the hack. The team has come up with some possible ideas for compensating users who lost funds in the Fragola pool.
Popsicle protocol fees may be increased to pay off the lost pool funds. Nice staking may be utilized, or a debt token may be issued. Team and DAO funds may be used as collateral to pay back the money within a year. However, none of these plans are settled yet, and Popsicle is still working to find a suitable solution.
Popsicle Finance has spoken out about the support of the small emerging DeFi community in this difficult situation, and they have also reiterated their faith in creating a safer DeFi ecosystem for the future.