Pike Finance
Summary
Pike Finance is a natively cross-chain lending protocol built on Wormhole's messaging layer and Circle's Cross-Chain Transfer Protocol (CCTP), which launched its beta mainnet in early 2024. Within days of launch, the protocol suffered two separate exploits on April 26 and April 30, 2024, draining approximately $299K and $1.68M respectively for a combined loss of roughly $1.98M. The first exploit stemmed from an improperly validated CCTP integration; the second arose from a storage layout corruption introduced during the emergency patch, allowing attackers to reinitialize and take over spoke contracts.
Connected Entities
1 entities · 10 linked investigationsTimeline(13 events)
2022-01-01
Pike Finance founded; begins development of cross-chain lending protocol on Wormhole and CCTP infrastructure.
RootData2023-11-01
Pike Finance secures $50,000 in seed funding from Circle and Wormhole to support mainnet launch.
crypto.news2024-04-01
Pike Finance beta mainnet goes live. OtterSec audit has already flagged CCTP integration vulnerability; team has not patched it.
The Defiant2024-04-24
Pike Finance enables USDC withdrawals via CCTP, activating the vulnerable integration pathway.
Quadriga Initiative2024-04-26
First exploit: attacker manipulates CCTP receiver address and amount, draining 299,127 USDC (~$299K) primarily from Arbitrum. Funds bridged to Ethereum and deposited into Tornado Cash.
CertiK Incident Analysis2024-04-26
Pike Finance pauses the protocol and begins emergency upgrade of spoke contracts to address the CCTP vulnerability. The upgrade inadvertently introduces a storage layout collision.
Halborn2024-04-30
Second exploit: attacker exploits storage collision in the patched contracts, calls initialize() to seize admin access, upgrades implementation to malicious bytecode, and drains 479.39 ETH, 64,126 OP, and 99,970 ARB — totaling ~$1.68M across Ethereum, Optimism, and Arbitrum.
Pike Finance official X announcement2024-04-30
Second exploit funds (~562 ETH consolidated across chains) are routed into RAILGUN, a zero-knowledge privacy protocol, obscuring the on-chain trail.
Merkle Science2024-05-01
Pike Finance offers 20% bounty for return of stolen funds. No funds are returned. Team announces plan to reimburse all affected users using $P token treasury collateral.
Protos2024-05-01
Pike Finance issues correction clarifying that the term 'USDC vulnerability' was inaccurate; acknowledges the root cause was Pike's own improper integration of CCTP, not a flaw in Circle's protocol.
CryptoSlate2024-10-21
Pike Finance publishes community update, indicating relaunch on Base network and introduction of $P token with buyback program.
Pike Finance Community2024-12-09
Pike Finance announces quarterly town hall covering financial updates and P Buyback Program, signaling continued active development.
Pike Finance CommunityDecision Log
- hash: 7Z4GdGfnyLGuvrTqr6F6Ae3FRSxmMATovV1ifDdVhbMx
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/1/2026, 5:48:39 PM
last updated: 6/1/2026, 5:48:45 PM
avoid.net — verified advice for a post-truth world