Harvest Finance, a decentralized finance protocol launched in late August, reported today that an unknown individual exploited one of its yield farming pools. The exact missing amount is still unknown but is definitely in a multiple of millions. The address associated with the exploit swapped the ill-gotten gains for RenBTC.
The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large amount of assets through harvest.
To protect users, we’ve pulled y pool and btc curve strategy funds to the vault
— Harvest Finance (@harvest_finance) October 26, 2020
At the time of writing, as much as $952 million worth of assets is still deposited on Harvest Finance, with investors similar unfazed by the recent development.
But while the exploit seemed is associated with an arbitrary trade on one of Harvest Finance pools, several eyebrows have been raised about the project’s promised high yields and centralized ethos. DeFi research analyst Chris Blec had written an exhaustive piece highlighting how overly centralized the protocol’s admin keys were, while auditing firms, Peckshield and Haechi, raised similar red flags.
Harvest Finance (FARM) Drops 55% On News of Exploit.
Harvest Finance’s native token, FARM, has dropped by over 50% following news of the exploit. Despite closing the previous day at a $231 price, FARM was trading at a $108 price at the time of writing, marking a 55% decline, according to Coingecko. The token had dropped to as low as $78 at some point.
Like other recent flashloan attacks where the exploiter has to return some funds out of his stack and withdrawn the rest, Harvest Finance has confirmed that it received $2,478,549.94 back from the hacker in the form of USDT and USDC tokens. The project will re-distribute this amount to affected users following a snapshot.
Affiliate: Get a Ledger Nano X for $119 So That Hackers Won't Steal Your Crypto!