On August 2021, Popsicle was exploited in a business logic flaw, resulting in approximately $20M in losses. That makes the Popsicle exploit the 20th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Popsicle Business Logic Flaw Played Out
Exploit Class Applied to Popsicle
The Popsicle incident on August 4, 2021 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, Popsicle is 1 of 144 documented business logic flaw incidents.
Popsicle in Context
At $20M, the Popsicle exploit is a major ($10M–$100M) event compared to the largest same-class incident in our archive — – EulerFinance (2023) at $200M.
Prior Business Logic Flaw Before Popsicle
The nearest business logic flaw incident before Popsicle was Chainswap, 25 days earlier on July 10, 2021 ($4 lost). The same exploit class surfaced again within the business logic flaw attack surface.
Popsicle Vulnerability Signature
The primary source categorises the Popsicle exploit specifically as “Repeated Reward Claim – Logic Flaw”. This narrower label is entity-specific: it reflects how the Popsicle contract failed, rather than the broad business logic flaw pattern alone.
Impact & Recovery for Popsicle
Popsicle Loss Figure
The Popsicle exploit caused $20,000,000 in losses — a major ($10M–$100M) incident and the 3rd largest of 37 documented in 2021. This single incident represents 9.5% of all tracked losses that year.
Where Popsicle Sits Among Business Logic Flaw Attacks
Ranked by loss size, Popsicle is the 6th largest of 144 business logic flaw incidents documented. That puts the Popsicle loss above the class average of $6.08M.
Timeline Since the Popsicle Incident
The Popsicle exploit occurred 4.7 years ago (1,714 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Popsicle
Public post-mortem / on-chain analysis for the Popsicle incident: view source.
FAQ
How much did Popsicle lose?
The Popsicle exploit in August 2021 resulted in $20,000,000 in losses — the 3rd largest of 37 DeFi incidents that year.
When did the Popsicle hack happen?
The Popsicle exploit was recorded on August 4, 2021 — 1,714 days ago.
What type of exploit hit Popsicle?
The Popsicle incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.
How common is the Business Logic Flaw pattern seen at Popsicle?
Our archive contains 144 documented business logic flaw incidents. The Popsicle incident is one of them.
How does Popsicle compare to the largest Business Logic Flaw attack?
The largest business logic flaw incident in our archive is – EulerFinance (2023) at $200M. The Popsicle loss is $20M.
What mechanism does the BBDSPP scheme employ for privacy protection?
It uses non-interactive zero-knowledge proof technology for lightweight identity verification, preventing unauthorized access.
How is the performance of the proposed algorithm evaluated?
Through comparison with standard trading rules and other optimization algorithms.