
Roughly 24 hours have passed since the DeFi project Harvest Protocol ($FARM) was exploited for over $24 million. Since we first covered the attack, Harvest Protocol has published its “Flashloan Economic Attack Post-Mortem” report.

The details

The attacker used flash loans to manipulate the price of USDT and USDC in Curve's Y pool, then deposited the USDC into Harvest to rebuy USDT before withdrawing the USDC from Harvest.

“The attacker repeatedly exploited the effects of impermanent loss of USDC and USDT inside the Y pool on Curve.fi. They used the manipulated asset value to deposit funds into the Harvest’s vaults and obtain vault shares for a beneficial price, and later exit the vault at a regular share price generating a profit,” said Harvest in their official statement.

The attacker executed this cycle 17 times on the USDC pool and 13 times on the USDT pool for a total of $24 million: 13 million in USDC and 11 million in USDT. For unknown reasons, after completing the exploit, the attacker sent $2.4 million back to the Harvest protocol deployer contract. The attacker went on to sell their USDC and USDT for renBTC and ETH, then laundered the ETH via the Ethereum mixing service tornado.cash and moved the renBTC to the BTC network.
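The share-price arithmetic behind the deposit-and-exit cycle in Harvest's statement can be modelled in a few lines. This is an added example, not Harvest's contract code: the `Vault` class, the `pool_factor` and `max_deviation` names, the deviation guard and all figures are constructed assumptions chosen to show why a vault that mints shares from a momentarily skewed asset valuation pays out more than it took in, and how a deposit-time valuation band blocks it.

```python
# Simplified, constructed model of a vault that prices shares from a
# pool-derived valuation of its invested assets. Not Harvest's code.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Vault:
    idle: float                            # stablecoins held directly
    invested: float                        # units placed in the external pool
    total_shares: float
    max_deviation: Optional[float] = None  # hypothetical guard; None = off

    def total_value(self, pool_factor: float) -> float:
        # pool_factor: pool's current valuation of one invested unit (1.0 = normal)
        return self.idle + self.invested * pool_factor

    def deposit(self, amount: float, pool_factor: float) -> float:
        # Guard (assumption): refuse to mint shares while the valuation is skewed.
        if self.max_deviation is not None and abs(pool_factor - 1.0) > self.max_deviation:
            raise ValueError("pool valuation outside allowed band; deposit rejected")
        shares = amount * self.total_shares / self.total_value(pool_factor)
        self.idle += amount
        self.total_shares += shares
        return shares

    def withdraw(self, shares: float, pool_factor: float) -> float:
        amount = shares * self.total_value(pool_factor) / self.total_shares
        self.total_shares -= shares
        from_idle = min(amount, self.idle)  # pay from idle funds first
        self.idle -= from_idle
        self.invested -= (amount - from_idle) / pool_factor
        return amount


def cycle_profit(vault: Vault, amount: float, skewed: float, normal: float = 1.0) -> float:
    """Deposit while the valuation is skewed, exit once it is back to normal."""
    shares = vault.deposit(amount, skewed)
    return vault.withdraw(shares, normal) - amount


def new_vault(max_deviation: Optional[float] = None) -> Vault:
    # Constructed figures, chosen only to make the arithmetic visible.
    return Vault(0.0, 100_000_000.0, 100_000_000.0, max_deviation)


if __name__ == "__main__":
    print("unguarded, 1% skew:", round(cycle_profit(new_vault(), 50_000_000, 0.99), 2))
    print("unguarded, no skew:", round(cycle_profit(new_vault(), 50_000_000, 1.0), 2))
```

In this model the gain comes entirely out of the existing depositors' claim on the vault, which is why the guard belongs on share minting rather than on the pool.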

The Harvest team says the attacker is currently laundering their BTC through several exchanges including Binance, Kraken, and Huobi.

https://twitter.com/harvest_finance/status/1321115746269802496

The manhunt

The Harvest team wants the DeFi community to help them identify the attacker, who they say is “well-known in the crypto community.” However, the attacker has yet to be identified.

[Image: Harvest Protocol ($FARM) Discord message. Source: Harvest Protocol Discord channel]

To incentivize the search, the Harvest team put up a $400,000 bounty that will go to the “first person or team that helps to return the funds within 36 hours.” After those initial 36 hours, the bounty for returning the funds will drop to $100,000.
