BSV
$57.54
Vol 72.16m
-6.4%
BTC
$101728
Vol 102649.01m
-2.37%
BCH
$480.3
Vol 626.86m
-8.4%
LTC
$108.62
Vol 1871.83m
-9.5%
DOGE
$0.35
Vol 6755.83m
-7.06%
Getting your Trinity Audio player ready...

Roughly 24 hours have passed since the DeFi project Harvest Protocol ($FARM) was exploited for over $24 million. Since we first covered the attack, Harvest Protocol has published its “Flashloan Economic Attack Post-Mortem” report.

The details

The attacker used flash loans to manipulate the price of USDT and USDC in curve’s YPool and then deposited the USDC into Harvest to rebuy USDT before withdrawing the USDC from Harvest. 

“The attacker repeatedly exploited the effects of impermanent loss of USDC and USDT inside the Y pool on Curve.fi. They used the manipulated asset value to deposit funds into the Harvest’s vaults and obtain vault shares for a beneficial price, and later exit the vault at a regular share price generating a profit. ” said Harvest in their official statement.

The attacker executed this cycle 17 times on the USDC pool and 13 times on the USDT pool for a total of $24 Million–13 million USDC and 11 million in USDT. For unknown reasons, after the attacker completed the exploit, they sent $2.4 million back to the Harvest protocol deployer contract. The attacker went on to sell their USDC and USDT for renBTC and ETH. The attacker laundered their ETH via the Ethereum mixing service tornado.cash and their renBTC to the BTC network. 

The Harvest team says the attacker is currently laundering their BTC through several exchanges including Binance, Kraken, and Huobi.

https://twitter.com/harvest_finance/status/1321115746269802496

The manhunt

The Harvest team wants the DeFi community to help them identify the attacker, who they say is “well-known in the crypto community.” However, the attacker has yet to be identified.

Harvest Protocol ($FARM) Discord

Source: Harvest Protocol Discord channel

To incentivize the search, the Harvest team put up a $400,000 bounty that will go to the “first person or team that helps to return the funds within 36 hours,” after those initial 36 hours, the bounty for returning the funds will drop to $100,000. 

Recommended for you

Paraguay cracks down on illegal BTC mining
Paraguay’s grid operator is clamping down on the rising electricity losses, which have hit 28.5%, and illegal block reward miners...
December 19, 2024
How tariffs could reshape America’s digital asset future
Trump's dual promises—to impose punishing tariffs on Chinese imports while making America "the crypto capital of the planet"—are about to...
December 19, 2024
Advertisement
Advertisement
Advertisement