The Popsicle Finance defi project is regrouping and considers compensation plans after a devastating hack of A$28 million in cryptocurrency from its Uniswap v3 optimiser, whimsically known as “Sorbetto Fragola” (Italian for strawberry sorbet).

Team leaders were offering the hacker a US$1 million bounty for the safe return of the stolen funds, which include 2,600 Ethereum (worth roughly A$9.5 million), 96 wrapped Bitcoin (A$5.1 million), A$13.8 million in the stablecoins Tether and USDC, and A$330,000 in Uniswap’s UNI tokens.

“A lot of people have lost money for family holidays, funeral payments, life savings etc.,” one community member wrote on Discord. “There is a human element to this and the hacker needs to know he has actually destroyed a lot of lives.”

But most weren’t expecting to get anything back. The hacker had already moved hundreds of Ether to Tornado Cash, a service for anonymising funds.

Users had deposited their funds into the “Sorbetto Fragola” pool to optimise their earnings on Uniswap, a decentralised exchange that relies on users contributing to liquidity pools in exchange for a fraction of trading fees. Uniswap v3 allows users to provide “concentrated liquidity” within specific trading ranges and the Sorbetto Fragola protocol automated this process.

Alas, this strawberry sorbet had also contained a not-so-sweet surprise — a flaw that allowed the attacker to use flashloans to claim far more rewards than they were entitled to.

“The hack was complex but the bug was simple,” tweeted Sushi developer Mudit Gupta.

“Basically, Popsicle doesn’t transfer the reward debt when users transfer their shares. This exposes multiple exploits, one of which was used here.”

“The hacker made the contract believe that he earned as many fees as the total TVL [total value locked] of the pool and thus is entitled to the $20.7m that was in the pool. This hack was only possible because everything happened within one transaction (due to flashloan),” Popsicle Finance wrote in a post-mortem.
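The accounting flaw Gupta and the post-mortem describe is the familiar "reward debt" pattern: each holder's claimable fees are computed as shares multiplied by a cumulative fees-per-share accumulator, minus a per-user debt recorded at their last settlement. If shares change hands without settling and re-anchoring that debt, the receiver's debt is still zero and the contract credits them with fees accrued before they held anything. The following Python model is an added illustration written for this page, not Popsicle Finance's Solidity code; the class and method names (Pool, transfer_shares, simulate) and all amounts are constructed. It runs the same constructed scenario against the unpatched pattern and against a version that settles both parties on every transfer, and reports whether total payouts stay within the fees the pool actually earned.

```python
# Added illustration (Python model), not Popsicle Finance's Solidity code.
# Models the "reward debt" accounting pattern used by many share-based pools:
#   claimable(user) = shares[user] * acc_fee_per_share - reward_debt[user]
# and shows why share transfers must settle and refresh reward_debt on
# both sides. All names (Pool, transfer_shares, ...) and amounts are hypothetical.

PRECISION = 10**12  # fixed-point scale for acc_fee_per_share


class Pool:
    def __init__(self, settle_on_transfer: bool):
        self.settle_on_transfer = settle_on_transfer  # False = unpatched pattern
        self.acc_fee_per_share = 0   # cumulative fees per share, scaled
        self.total_shares = 0
        self.shares = {}
        self.reward_debt = {}        # fees already accounted for, per user
        self.total_accrued = 0       # fees the pool really earned
        self.total_claimed = 0       # fees actually paid out

    def _debt_for(self, user):
        return self.shares.get(user, 0) * self.acc_fee_per_share // PRECISION

    def pending(self, user):
        return self._debt_for(user) - self.reward_debt.get(user, 0)

    def _settle(self, user):
        # pay out whatever the user is owed and re-anchor their debt
        owed = self.pending(user)
        if owed > 0:
            self.total_claimed += owed
        self.reward_debt[user] = self._debt_for(user)
        return max(owed, 0)

    def deposit(self, user, amount):
        self._settle(user)
        self.shares[user] = self.shares.get(user, 0) + amount
        self.total_shares += amount
        self.reward_debt[user] = self._debt_for(user)

    def accrue_fees(self, amount):
        # constructed stand-in for trading fees collected from the Uniswap position
        assert self.total_shares > 0
        self.total_accrued += amount
        self.acc_fee_per_share += amount * PRECISION // self.total_shares

    def claim(self, user):
        return self._settle(user)

    def transfer_shares(self, sender, receiver, amount):
        assert self.shares.get(sender, 0) >= amount
        if self.settle_on_transfer:
            # hardened: pay out what each side has earned so far ...
            self._settle(sender)
            self._settle(receiver)
        self.shares[sender] -= amount
        self.shares[receiver] = self.shares.get(receiver, 0) + amount
        if self.settle_on_transfer:
            # ... and re-anchor both debts to the new share balances
            self.reward_debt[sender] = self._debt_for(sender)
            self.reward_debt[receiver] = self._debt_for(receiver)
        # unpatched branch: reward_debt is left untouched, so the receiver's
        # zero debt credits it with fees accrued before it held any shares


def simulate(settle_on_transfer: bool):
    """Constructed scenario: one depositor, fees accrue, then the shares
    move to a second account and back, with a claim after each transfer."""
    pool = Pool(settle_on_transfer)
    pool.deposit("alice", 100)
    pool.accrue_fees(1_000)
    claimed = {"alice": 0, "bob": 0}
    pool.transfer_shares("alice", "bob", 100)
    claimed["bob"] += pool.claim("bob")
    pool.transfer_shares("bob", "alice", 100)
    claimed["alice"] += pool.claim("alice")
    return {
        "accrued": pool.total_accrued,
        "claimed": pool.total_claimed,
        "solvent": pool.total_claimed <= pool.total_accrued,
        "by_user": claimed,
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("settle_on_transfer=%s -> %s" % (flag, simulate(flag)))
```

With `settle_on_transfer=False` the pool earns 1,000 in fees but pays out 2,000, because each account in turn claims the full accrual as if it had held the shares throughout; with the hardened transfer the payout equals the accrual. In a review or audit of a share-token contract, the check this models is a single question: does every code path that changes a balance (transfer, mint, burn) also settle or re-anchor the per-user reward accounting for both parties?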

‘Things can slip up’

The project had been audited by Chinese security firm Peckshield, with an audit by Certik in progress. Peckshield released a tweet thread that analysed the hack but didn’t address why it didn’t catch the bug, which had already been used to exploit other projects.

Rekt News called them out on its blog.

“It’s strange that Peckshield decided to publish a post-mortem of code that they audited, instead of waiting and releasing it as an official release from the Popsicle account,” they wrote.

“Another client’s funds lost, while Peckshield chase clout on Twitter. There is little excuse for the auditors for missing an already known bug.”

But Gupta was more understanding.

Popsicle Finance was discussing various plans to compensate those who had lost funds (which included project leaders), including increasing fees and diverting them into a lost pool fund and issuing a debt token.

The value of Popsicle’s ICE token, the No. 769 crypto, had plunged from US$2.20 to US$1.36.

The project launched in February. Its other products, such as its “sorbetto limone” (lemon sorbet) multichain yield optimiser, weren’t affected.

Earlier this week, another project that had been audited – Wault Finance – lost US$800,000 in crypto after a hacker used a flash loan to drain funds from its just-launched WUSD stablecoin.