Posted on October 27, 2020 at 3:15 PM
Hackers Stole $24 Million from Crypto Service Harvest Finance
Top decentralized protocol Harvest Finance was recently hacked, with $24 million stolen from its liquidity pools by cyber attackers. As a result, the company is offering $100,000 as a reward for anyone who could provide vital information towards the recovery of the hacked fund.
Harvest Finance is a web portal that allows users to invest crypto coins with the opportunity to gain small profit yields by farming price variations.
Yesterday, the crypto service firm confirmed that in a tweet that the attackers left enough information that can be used to trace back to them. The company also said the hacker is popular in the crypto community based on their BTC addresses that hold the funds.
Apart from the attacker’s addresses, Harvest Finance said it now has personally identifiable information about the attacker.
“We are putting out a 100k bounty for the first person or team to reach out to the attacker,” the statement reads on the company’s Twitter page.
$100,000 bounty offered to find the hacker
The company is offering the $100,000 bounty immediately after it was allegedly hacked earlier yesterday. The hacker stole $24 million from the Harvest Finance pools and swapped it for renBTC (rBTC). Subsequently, the protocol confirmed the hack and assured the public it is working seriously to reduce the economic impact of the attack on Stablecoins and BTC coins.
Afterward, the hacker returned about $2.5 million to the protocol’s account, with the funds based in USD Coin (USDC) and Tether (USDT). Harvest Finance revealed that the returned amount will be distributed to the depositors in due time using the Snapchat platform.
Harvest Finance partnered with Ren Protocol to find out the Bitcoin addresses the hackers used to send the funds. The representatives subsequently asked top exchanges like Coinbase and Binance to freeze the hacked funds.
Harvest Finance token’s value affected
The aftermath of the hacking incidence has Harvest Finance’s token fell by more than 60% within the past 24 hours. The protocol’s total value locked also fell to $570 million from the $1 billion value two days ago.
The report revealed that the hackers targeted the protocol’s liquidity pools and carried out an arbitrage attack using an uncollateralized loan (called a flash ban). According to the report, the successful attack only lasted seven minutes.
Harvest Finance stated that the hackers maneuvered prices on one money lego to siphon funds out of another money lego. The action was carried out several times within a space of seven minutes before converting to renBTC and transferred to Bitcoin.
RenBTC is a Bitcoin-based token exchanged in the Ethereum blockchain.
Harvest has revealed 10 Bitcoin addresses alleged to have been the receiving addresses for the stolen Bitcoin funds before asking major exchanges to block the hackers’ addresses.
Increased level of attacks on Crypto services
This is not the first time in the year hackers have successfully launched an attack on protocols. Last month, another Defi protocol Bzx was a victim of a similar attack where the hackers stole $8.1 million for the protocol. However, BZX recovered the funds later.
In the hack of the Bzx DeFi lending platform, a vulnerability allowed the hacker to mint $681,000 worth of DAI, $1.4 million worth of USDC, $1,76 million worth of USDT, $1,65 million worth of ETH, and more than 200,000 LINK tokens valued at $2.6 million.
In January, the Bzx protocol was also the victim of two separate attacks that caused the protocol about $1 million.
But the attack on Harvest Finance is the most notable, with only $2.5 million returned out of the $24 million stolen.
Harvest Finance posted information about the hacking incident on Discord Channel and Twitter immediately after the hack took place to inform users and possible earlier recovery of the hacked funds.
Based on the messages posted on the Twitter page of Harvest Finance, the attackers invested large amounts of crypto assets in its services and siphon more funds to their wallets using a cryptographic exploit.
Based on the transaction ID released by Harvest Finance, the hacker stole $11 million worth of Tether and $13 million worth of USDC.