
Another day, another DeFi hack; early this morning, Harvest ($FARM) was exploited for over $24 million. The exploit took place just a few hours after DeFi analyst Chris Blec published a statement that warned of the vulnerabilities in the Harvest protocol.

https://twitter.com/ChrisBlec/status/1320375400141328384

The attacker was able to exploit Harvest by manipulating stablecoin prices on the contracts that the Harvest protocol interacts with. Once the stablecoin prices had been moved in the attacker's favor, the attacker drained Harvest protocol’s liquidity pools and subsequently converted the stolen funds to renBTC.

Not many technical details are known about the hack at the moment, but the Harvest team has put up a $100,000 bounty that will go to the individual who can identify the hacker and says they will release a post mortem report sometime today.

DeFi has a (few) loopholes

Many DeFi smart contracts rely on external smart contracts, which gives hackers multiple attack vectors. When a smart contract must communicate with other smart contracts, it no longer matters if the main smart contract you are interacting with is secure. Attackers, like the individual(s) who exploited Harvest this morning, can manipulate the smart contracts that the main contract communicates with to manipulate prices and subsequently drain the liquidity pool or withdraw funds.
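
The dependency described above can be modelled in a few lines. This is an added illustration, not code from Harvest or from the original article: the constant-product `ExternalPool`, the 1% tolerance and the reference price of 1.0 are all assumptions, chosen to show why a contract that trusts an external pool's current price needs a sanity check before it values anything.

```python
from dataclasses import dataclass

MAX_DEVIATION = 0.01   # assumed tolerance: 1% away from the reference price
REFERENCE_PRICE = 1.0  # assumed independent reference for a stablecoin pair


@dataclass
class ExternalPool:
    """Constructed constant-product pool standing in for an external contract."""
    reserve_a: float
    reserve_b: float

    def spot_price(self) -> float:
        # Price of token A in token B, read from the current reserves only.
        return self.reserve_b / self.reserve_a

    def trade_a_for_b(self, amount_a: float) -> float:
        # x * y = k: any sufficiently large trade shifts the spot price.
        k = self.reserve_a * self.reserve_b
        self.reserve_a += amount_a
        new_b = k / self.reserve_a
        received = self.reserve_b - new_b
        self.reserve_b = new_b
        return received


def naive_value(pool: ExternalPool, amount_a: float) -> float:
    """Value holdings at whatever the external pool reports right now."""
    return amount_a * pool.spot_price()


def guarded_value(pool: ExternalPool, amount_a: float) -> float:
    """Refuse to price anything while the pool is far from the reference."""
    deviation = abs(pool.spot_price() / REFERENCE_PRICE - 1.0)
    if deviation > MAX_DEVIATION:
        raise ValueError(f"spot price deviates {deviation:.1%} from reference")
    return amount_a * pool.spot_price()


def demo():
    pool = ExternalPool(1_000_000.0, 1_000_000.0)  # constructed balanced pool
    before = naive_value(pool, 100.0)
    pool.trade_a_for_b(200_000.0)                  # one large trade skews reserves
    after = naive_value(pool, 100.0)
    try:
        guarded_value(pool, 100.0)
        blocked = False
    except ValueError:
        blocked = True
    return before, after, blocked
```

With these constructed numbers the naive valuation of the same 100 tokens falls from 100.0 to about 69.4 after a single trade in the external pool, while the guarded path rejects the operation.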

Many DeFi exploits have taken place this year, and in every instance, a “hack” or “breach” never actually occurred. Instead, the attacker had a deep understanding of how the DeFi protocol worked as well as which external smart contracts the main contract communicated with and then used that knowledge to pull all the strings attached to the main contract to make away with millions in stolen funds.

When it comes to DeFi, proceed with caution; most DeFi protocols have no real business model, have not been code-audited, and were only created to make their founding team a few dollars. With such an insecure infrastructure and no real interest in creating a long-lasting business, you should expect more DeFi exploits and rug-pulls to happen in the DeFi space.
