Home / Altcoins / Alert – Harvest Finance (FARM) $24 Million Exploit – Finance and Funding

Alert – Harvest Finance (FARM) $24 Million Exploit – Finance and Funding

Alert - Harvest Finance (FARM) $24 Million Exploit

Harvest Finance, the Kava blockchain-powered decentralized cross-chain money market faced an arbitrage economic attack. According to Harvest Finance, the attack originated with a large flash loan and led to a $24 million exploit by the hacker. Out of the whopping $24 million, the hacker sent $2.5M back to the deployer.

The Harvest Finance attack manipulated the prices on Curve ypool to drained fUSDT and fUSDC money lego. These funds were immediately converted to WBTC then renBTC and cashed out in real bitcoin.

Fear grips FARM holders

Just 2 hours prior to the attack, Harvest Finance proudly tweeted that the farmers had made an annual profit of $69 million. Additionally, the protocol was generating profit share annual percentage yield (APY) of over 410%. But at the time of press, the panic is sky high and farmers are pulling money out of the protocol.

 

Could this be an insider job?

DeFi Analyst Chris Blec claims that this could be an insider’s job. A couple of days back Chris warned farmers that the Harvest Finance administrators held a very powerful key. Using this key, the administrators can drain the funds anytime.

The rest of the funds are safe

Harvest Finance agrees that hacker has sent $2,478,549.94 to the deployer in the form of USDT and USDC. According to the official tweet, the amount will admin will distribute this amount to affected depositors on pro-rata bases. At the time of the press, all funds in Curve were withdrawn to the stabilized vault. Additionally, the BTC and stablecoin deposits stand disabled.

Furthermore, Harvest Finance tracked down 10 bitcoin accounts that received the hacked coins. It has requested Binance, Coinbase, Huobi, oKEX, Kraken, FTX, Bitfinex and Bittrex to blacklist these addresses.

A big bug

A Twitter handle that goes by @pancakebunnyfin claims to have identified an implementation bug a design mistake. According to the tweets, the bug seems to facilitate deposits of all contracts other than the greylist contracts. Additionally, there is an arbitrage check function in the strategy but the tolerance is not high enough.

 

Questionable DeFi audit

Harvest Finance is an audited DeFi protocol. The blockchain security and data analytics company PeckShield Inc. conducted the audit. If the bugs and design flaws pointed out by @pancakebunnyfin are accurate, PeckShield will also face the burn.

However, at the time of press PeckShield claims that this is the Harvest protocol design.

 




Source link

Check Also

Massive Moves | Moonshot Charts – That’s TrustSwap – Product Release & Updates

Decentralized finance (DeFi) protocol TrustSwap is heating back up. On 22 November 2020, the TrustSwap ...

Leave a Comment:

Your email address will not be published. Required fields are marked *