Home Coins Ethereum (ETH) DeFi protocol Harvest Finance exploited, attacker drained $24M and then returned $2.5M

DeFi protocol Harvest Finance exploited, attacker drained $24M and then returned $2.5M


Harvest Finance, a decentralized finance (DeFi) protocol developed by an anonymous team, was exploited Monday early morning UTC time.

The attacker drained $24 million from Harvest and then returned $2.5 million to the protocol for reasons unknown.

Harvest is a yield farming protocol similar to YFI. It collects yields from different lending protocols and optimizes for the maximum gain to return it to depositors. The attacker of Harvest performed an arbitrage attack using a large flash loan.

Flash loans are uncollateralized loans. They enable users to borrow funds instantly from a liquidity pool, provided that the money is returned to the pool within one transaction block. The Harvest attacker “manipulated prices on one money lego (curve y pool) to drain another money lego (fUSDT, fUSDC), many times,” said Harvest Finance. “The attacker then converted the funds to renBTC and exited to BTC.”

Put simply, the price manipulation on the Curve Y pool allowed the attacker to drain Farm USDT (fUSDT) and Farm USDC (fUSDC) tokens from Harvest. The attacker then converted these tokens to renBTC and finally to bitcoin. RenBTC is a bitcoin-backed token used on the Ethereum network.

Attacker ‘well-known in the crypto community’

Harvest provided some bitcoin addresses of the attacker and said that there is a “significant amount of personally identifiable information on the attacker, who is well-known in the crypto community.”

But Harvest is “not interested in doxxing the attacker.” Instead, it has put a $100,000 bounty for the first person or team to reach out to the attacker.

Harvest has also asked exchanges like Binance, Coinbase, and Huobi to block the attacker’s addresses.

The attack comes just a day after DeFi analyst Chris Blec claimed that Harvest is a centralized protocol as its administrators hold an “admin key that can drain funds.”

On today’s attack, Blec told The Block that an inside job could not be ruled out as “nobody knows the smart contracts better than the anonymous developers.”

“In these situations, a smart DeFi user doesn’t assume that what they hope happened is what happened. The smart DeFi user assumes that the worst thing that could have happened is what happened. Adversarial thinking is the only way to stay safe in this space,” said Blec.

Harvest Finance was launched in August and still has $588 million worth of user deposits locked in its protocol. That amount was over $1 billion just before the attack, according to tracker DeFi Pulse, which was accessible at the time of writing. (It is currently giving a “500 internal server error.”)

The price of Harvest’s native token, FARM, has also plunged by about 57% since the attack, according to CoinGecko. It is currently trading at about $101.

After the publication of this story, Harvest said it would release a post mortem report of the attack “within the next 16 hours.”

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.





Source link

- Advertisement -
Mr Bitcointe
Mr Bitcointehttps://www.bitcointe.com/
“Fact You Need To Know About Cryptocurrency - The first Bitcoin purchase was for pizza.” ― Mohsin Jameel
472FansLike
76FollowersFollow
4,567FollowersFollow
5,261FollowersFollow
1,553FollowersFollow
2,230SubscribersSubscribe
USD - United States Dollar
EUR
1.19
GBP
1.34
CHF
1.10
NOK
0.11
JPY
0.01
CAD
0.77
AUD
0.74

Most Popular

Cypherpunk Holdings becomes 9th largest public holder of Bitcoin

Cypherpunk Holdings (CSE:HODL), a privacy-focused Canadian investment company, has upped its stake in Bitcoin (BTC). The company disclosed Thursday that it has added 72.979...

BANANO Chess Tournament (50k BANANO Prize Pool!) | by Banano | Banano | Nov, 2020

BANANO is a DAG-based cryptocurrency with easy-to-use apps, distributed entirely for free through airdrops, faucets, and games. All happening in a fun, community-driven,...

Tendermint & Lunie: Extended Support for the Cosmos Hub | by Brian Luk | Nov, 2020

We were surprised and saddened to hear that Lunie plans on sunsetting their hosted services at the end of November. For those of...
bitcoin
Bitcoin (BTC) $ 17,155.61
ethereum
Ethereum (ETH) $ 519.97
ripple
XRP (XRP) $ 0.533716
tether
Tether (USDT) $ 1.00
bitcoin-cash
Bitcoin Cash (BCH) $ 270.53
bitcoin-cash-sv
Bitcoin SV (BSV) $ 164.25
litecoin
Litecoin (LTC) $ 70.88
eos
EOS (EOS) $ 2.93
binancecoin
Binance Coin (BNB) $ 28.14
okb
OKB (OKB) $ 5.39
tezos
Tezos (XTZ) $ 2.24
leo-token
LEO Token (LEO) $ 1.33
cardano
Cardano (ADA) $ 0.137782
monero
Monero (XMR) $ 119.50
stellar
Stellar (XLM) $ 0.167394
chainlink
Chainlink (LINK) $ 12.64
huobi-token
Huobi Token (HT) $ 4.08
tron
TRON (TRX) $ 0.029306
usd-coin
USD Coin (USDC) $ 1.00
dash
Dash (DASH) $ 92.19
neo
NEO (NEO) $ 17.17
iota
IOTA (MIOTA) $ 0.302462
nem
NEM (XEM) $ 0.159123
zcash
Zcash (ZEC) $ 70.14
maker
Maker (MKR) $ 527.59
paxos-standard
Paxos Standard (PAX) $ 1.01
ethereum-classic
Ethereum Classic (ETC) $ 6.09
vechain
VeChain (VET) $ 0.014361
true-usd
TrueUSD (TUSD) $ 1.00
ftx-token
FTX Token (FTT) $ 3.92
kucoin-shares
KuCoin Shares (KCS) $ 0.784560
waves
Waves (WAVES) $ 6.02