Harvest Finance has been hacked, and the $24 million DeFi hack has once again exposed the vulnerability of the entire DeFi ecosystem. Harvest Finance is a known yield aggregator that provides liquidity to other DeFi pools so that its liquidity providers could gain. Hackers have reportedly leveraged this mechanism in Curve’s Y pool for their attack.
After the attack, Harvest finance has issued a $100,000 bounty, stating that it has already gathered enough data to identify the attacker, who is apparently well-known in the crypto community.
The arbitrage manipulation with a $50 million flash loan led the attackers to stretch the price of the stablecoins on Curve’s Y Pool. The stablecoin was then used by the hackers and BTC pools on Harvest Finance to get an even greater amount of stablecoins in exchange for highly-priced tokens on Curve. It took the hackers less than 7 minutes to drain $24 million from Harvest’s liquidity. Concurrently the total volume of trading on Curve’s USDT and USDC sprang up from $10 million to more than $2.7 billion when the exploit took place.
Shortly after the attack, Harvest Finance announced a $100,000 bounty. The attacker has apparently swapped the processes for renBTC(rBTC). Harvest Finance admitting to the hack has already announced on Twitter that it is working aggressively and actively to lessen the impact of the economic attack on the stablecoin and the BTC pools.
The attacker after the attack has also reported having sent back nearly 42.5 million to the deployer in the form of USDT and USDC.
“This will be distributed to the affected depositors pro-rata using a snapshot,” Harvest Finance tweeted.
And after the attack, Harvest Finance collaborated with Ren Protocol and have successfully identified Bitcoin addresses where the funds were transferred. As a quick measure and a part of the disaster management situation, Harvest Finance has also informed all the major exchanges like Binance and Coinbase to freeze the stolen funds so that further damage is not done.
Based on the news of the hack, it is apparent that the FARM token, Harvest’s very own token has stumbled way below its price. In the last 24 hours, a 60% drop has been registered. The total value locked in the Harvest protocol has also dropped heavily to about $570 million as per DeFi Pulse.
Source: DeFi Pulse
Reports have also sparked up that there are some similarities between Harvest Finance hack to the attack on Eminence that drained the system off $15 million. And in the case of the Eminence hack also a portion of the hacked amount was returned to the lead developer’s address. In the case of Harvest also the hackers have sent back 10% of the total hack to the ETH deployer address. This has raised a few eyebrows because of the signature style of a hack either by a single entity or something that has been adopted by developers in general.
DeFi’s anonymous exchange has been an advantage as well as something that is taken advantage of especially by the developers. Such activities go untraced, making such developers richer adding fire to conduct more hacks.