Pine Protocol Suffers $92,000 Security Breach

Summary

Pine Protocol, a decentralized, non-custodial asset-backed lending platform, suffered a security breach on December 21, 2023, due to a vulnerability in its smart contract on the Ethereum Mainnet. The attacker exploited the protocol across multiple transactions, causing a loss of approximately 40 ETH ($92,000). The attack was made possible by a flaw in how pools were shared between two different contracts within the platform.

Attackers

The identity of the attacker is unknown.

Hacker Ethereum Wallet:

Losses

The loss amounted to 40 ETH worth $92,000.

Timeline

Security Failure Causes

  • Smart Contract Vulnerability: The vulnerability stemmed from pools shared between two versions of contracts within Pine Protocol. The issue arose from the most recent update to the protocol, after which both the old and new contract versions shared the same pool address, allowing the exploiter to manipulate fund transfers across different pools. The attacker borrowed assets using NFT tokens as collateral and then used a flash loan from the old pool version to repay the initially borrowed assets.
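
The root cause above, two contract versions pointing at the same pool address, can be caught before an upgrade goes live by auditing the deployment manifest. The following is an added example, not Pine Protocol's code: the manifest layout, the contract names and every address are constructed placeholders.

```python
import re
from collections import defaultdict

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed sample manifest: contract names, versions and addresses are
# placeholders, not Pine Protocol's real deployments.
DEPLOYMENTS = [
    {"contract": "LendingRouter", "version": "v1", "pool": "0x" + "aa" * 20},
    {"contract": "LendingRouter", "version": "v2", "pool": "0x" + "AA" * 20},
    {"contract": "LendingRouter", "version": "v2", "pool": "0x" + "bb" * 20},
    {"contract": "FlashLoanDesk", "version": "v1", "pool": "0x" + "cc" * 20},
]

def normalize(address):
    """Validate a 20-byte hex address and lowercase it so that checksummed
    and non-checksummed spellings of the same address compare equal."""
    if not ADDRESS_RE.match(address):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    return address.lower()

def shared_pools(deployments):
    """Return {pool: sorted versions} for every pool address that is
    referenced by more than one contract version."""
    versions_by_pool = defaultdict(set)
    for entry in deployments:
        versions_by_pool[normalize(entry["pool"])].add(entry["version"])
    return {
        pool: sorted(versions)
        for pool, versions in versions_by_pool.items()
        if len(versions) > 1
    }

def audit(deployments):
    """Return human-readable findings; an empty list means no pool is shared."""
    return [
        f"pool {pool} is shared by contract versions {', '.join(versions)}"
        for pool, versions in sorted(shared_pools(deployments).items())
    ]

if __name__ == "__main__":
    for finding in audit(DEPLOYMENTS):
        print("FINDING:", finding)
```

Running this as a release gate fails the upgrade whenever a new version reuses a pool address that an older, still-active version can also move funds through.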