
Another day, another DeFi hack; early this morning, Harvest ($FARM) was exploited for over $24 million. The exploit took place just a few hours after DeFi analyst Chris Blec published a statement warning of vulnerabilities in the Harvest protocol.

https://twitter.com/ChrisBlec/status/1320375400141328384

The attacker was able to exploit Harvest by manipulating stablecoin prices on the contracts that the Harvest protocol interacts with. Once the stablecoin prices had been pushed in the attacker's favor, the attacker drained Harvest protocol’s liquidity pools and subsequently converted the stolen funds to renBTC.

Not many technical details are known about the hack at the moment, but the Harvest team has put up a $100,000 bounty for the individual who can identify the hacker, and says it will release a post-mortem report sometime today.

DeFi has a (few) loopholes

Many DeFi smart contracts rely on external smart contracts, which gives hackers multiple attack vectors. When a smart contract must communicate with other smart contracts, it is no longer enough for the main smart contract you are interacting with to be secure. Attackers, like the individual(s) who exploited Harvest this morning, can manipulate the smart contracts that the main contract communicates with to manipulate prices and subsequently drain the liquidity pool or withdraw funds.
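
The dependency described above can be narrowed by sanity-checking any price read from an external contract before it is used to value shares. The sketch below is an added illustration, not Harvest's code: the `Pool` and `Vault` classes, the peg, the 0.5% tolerance and all figures are constructed assumptions.

```python
from dataclasses import dataclass

class PriceDeviation(Exception):
    """Raised when the external pool's price is too far from the expected peg."""

@dataclass
class Pool:
    """Constructed fee-less constant-product pool (x * y = k) of two stablecoins."""
    x: float
    y: float

    def spot_price(self) -> float:
        return self.y / self.x          # price of one X, in units of Y

    def swap_x_for_y(self, dx: float) -> float:
        k = self.x * self.y
        self.x += dx
        out, self.y = self.y - k / self.x, k / self.x
        return out

@dataclass
class Vault:
    """Hypothetical vault that holds X and values it with the external pool's price."""
    pool: Pool
    holdings_x: float
    shares: float
    peg: float = 1.0                    # assumed reference price for a stablecoin pair
    max_deviation: float = 0.005        # assumed tolerance: 0.5%

    def checked_price(self) -> float:
        price = self.pool.spot_price()
        if abs(price - self.peg) / self.peg > self.max_deviation:
            raise PriceDeviation(f"pool price {price:.4f} is outside tolerance")
        return price

    def deposit(self, amount_y: float) -> float:
        price = self.checked_price()    # refuse to price shares off a skewed pool
        share_price = self.holdings_x * price / self.shares
        minted = amount_y / share_price
        self.holdings_x += amount_y / price
        self.shares += minted
        return minted
```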

Many DeFi exploits have taken place this year, and in every instance, a “hack” or “breach” never actually occurred. Instead, the attacker had a deep understanding of how the DeFi protocol worked as well as which external smart contracts the main contract communicated with and then used that knowledge to pull all the strings attached to the main contract to make away with millions in stolen funds.

When it comes to DeFi, proceed with caution; most DeFi protocols have no real business model, have not been code-audited, and were only created to make their founding team a few dollars. With such an insecure infrastructure and no real interest in creating a long-lasting business, you should expect more DeFi exploits and rug-pulls to happen in the DeFi space.
