Quick setting:
- Expert defi farmer used flash loans to drain Harvest Finance of $ 24 million in just 7 minutes
- The team behind Harvest Finance admitted they made a design error when designing the protocol
- They have issued a $ 100k bounty to any person or team that helps return funds
- Harvest Finance has asked major exchanges such as Binance to blacklist several Bitcoin addresses
Earlier yesterday, the DeFi industry was rocked by news of a hacker who managed to leverage the Harvest Finance protocol using flash loans.
According to the Harvest Finance team’s autopsy of the incident, the attacker exploited the protocol by using arbitrage and the temporary loss of USDC and USDT within Y Pool and Curve.fi to execute the hack.
The Harvest Finance exploit took only seven minutes with the hacker leaving with $ 24 million. The exploit also has a total loss of $ 33.8 million for Harvest Finance as explained below.
USDC Safe Share Price decreased from 0.980007 to 0.834953, and USDT Safe Share price fell from 0.978874 to 0.844812, down 13.8% and 13.7 respectively %.
The lost value is approximately $ 33.8 million, which corresponded to approximately 3.2% of the total value locked in the protocol at the time before the attack.
Harvest’s finance team admits they made a technical error
Less than 24 hours after the attack, the Harvest Finance team admitted they made a design error when designing the protocol. In addition, they are formulating a plan to remedy the problem for all affected users of Harvest Finance. The team also asked the attacker to return the funds so that users can be compensated.
The attacker showed his point of view. If they can return the funds to users, it would be greatly appreciated by the community. Returning funds to affected users is the goal.
We made an engineering mistake, we are aware of it. Thousands of people are acting as collateral damage, so we humbly ask the attacker to return the funds to the deployer, where they will be distributed to users in its entirety.
Cut $ 100k with the striker leaving a trail of bread crumbs
Harvest’s finance team also claims to have substantial information about the hacker and is offering a $ 100,000 bounty to any individual or team that will help return the funds. If the return is made within 36 hours, the bounty will be increased to $ 400,000.
Regarding the identity of the attacker, the Harvest Finance team explained that it has made several transactions in known deposit addresses that belong to Binance. They also advised popular exchanges such as Binance, Coinbase, Huobi, OKEx, Kraken and Bitfinex, to blacklist several Bitcoin addresses that were used to steal funds using renBTC.
Please blacklist these addresses, thank you@binance @coinbase @HuobiGlobal @OKEx @crazy_fx @FTX_Official @bitfinex @BittrexExchange
– Harvest Finance (@harvest_finance) October 26, 2020
DeFi is not yet without risk
Harvest Finance hack comes in the wake of numerous attempts and hacks in the DeFi industry over the past few months. This means that there will be more incidents in the future and DeFi investors are advised to do more research and get in the habit of investing in DeFi protocols that have been properly vetted.
[ad_2]Source link