It appears we may have just seen our latest DeFi flash loan attack.

$20m in DAI stolen - potentially the biggest flash loan attack since Harvest a month ago, which took $30m in stables.

(h/t to @mattybchats for spotting this tx)
What's weird now is that Pickle's website currently is not working.

Those that are trying to access the Jars and Farms tab are just stuck with a loading screen.

Also, the Discord channel seems to have no public channels. Was it like this before?
Some people are arguing that this isn't an exploit or an attack - it might be some unannounced strategy change, they say.

The thing is, the person who did this tx got 10 ETH from Tornado + now owns nearly $20m in DAI in an EOA.
The interesting thing here to note is that the contract that executed this complex tx was not self-destructed as we've seen with previous attacks on DeFi protocols.
Upon closer inspection, there doesn't seem to have been a flash loan involved.

I'm hearing the attacker deployed fake Pickle Jars (strategies) that managed to drain the original Jar.
We're about to see @CoverProtocol in action for the first time.

Since its launch two days ago, users have provided 432,251 DAI in cover through the protocol.
Yeah, appears to be the swapExactJarForJar function that broke it.

Basically, a Jar is like a Yearn Strategy.

The attacker made a malicious Jar, then swapped the funds from the recently-deployed DAI strategy to his own.
More on Cover Protocol's first claim.

Thus far, 100% of the COVER that has voted (573) says this is a valid claim.

https://snapshot.page/#/cover/proposal/QmPSkV68ihhP8EAZbNoQVsTpUh82wiX18ckyEwiUbChRjQ
Pickle *was* audited by Haechi. The audit was published two days ago and found no critical issues and no major issues.

The thing is, the audit was seemingly commissioned & completed before the latest update to the Jars.
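The failure mode the thread describes (a swap function that accepts caller-supplied Jar addresses, so a freshly deployed lookalike Jar can be the destination) as an added, hypothetical Solidity sketch; this is not Pickle's code, and the interface names, function names and the governance-registry check are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical, simplified illustration of the pattern discussed in the
// thread. This is NOT Pickle's code; all names and signatures are assumed.
interface IJar {
    function token() external view returns (address);
    function withdrawAll() external;
    function deposit(uint256 amount) external;
}

interface IERC20 {
    function balanceOf(address a) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract JarSwapper {
    address public governance;
    mapping(address => bool) public registeredJar; // allowlist of deployed jars

    constructor() { governance = msg.sender; }

    function registerJar(address jar) external {
        require(msg.sender == governance, "!governance");
        registeredJar[jar] = true;
    }

    // Weak pattern: both jar addresses are caller-supplied and never checked,
    // so `toJar` may be any contract that merely implements the IJar shape.
    function swapJarUnchecked(IJar fromJar, IJar toJar) external {
        _swap(fromJar, toJar);
    }

    // Hardened pattern: only jars registered by governance may take part,
    // and both must hold the same underlying token.
    function swapJarChecked(IJar fromJar, IJar toJar) external {
        require(registeredJar[address(fromJar)], "fromJar not registered");
        require(registeredJar[address(toJar)], "toJar not registered");
        require(fromJar.token() == toJar.token(), "token mismatch");
        _swap(fromJar, toJar);
    }

    function _swap(IJar fromJar, IJar toJar) internal {
        IERC20 want = IERC20(fromJar.token());
        fromJar.withdrawAll();                  // assumes the jar pays out to this contract
        uint256 bal = want.balanceOf(address(this));
        want.approve(address(toJar), bal);
        toJar.deposit(bal);                     // funds now sit in toJar
    }
}
```

Monitoring for `registerJar` calls and for swaps whose destination is a contract created only minutes earlier is the detection side of the same check.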
You can follow @n2ckchong.