Harvest Finance, decentralized finance (DeFi) protocol, has officially issued a $100,000 bounty to capture the hacker responsible for the latest attack against its liquidity pools. According to the reports, the hacker was able to siphon over $24 million from the protocol’s pools and has since converted them to renBTC. This adverse development on Harvest Finance has also driven down the market price value of its native token – the FARM – by more than 50%.
On top of Harvest Finance’s bounty issuance, the protocol has also made an effort to appeal directly to the hacker on the social media platform, Twitter. As per the official post, Harvest Finance told the hacker that it has already more than proven its point – saying that the community and the DeFi sector as a whole would greatly appreciate it if he or she could promptly return the stolen funds.
With all that being said, Harvest Finance seemingly has a lead now on the suspect – hinting that the hacker behind it all is a prominent player within the crypto space. Furthermore, the DeFi protocol stated that it has already got a hold of the ten Bitcoin wallets the attacker used to store the stolen funds.
The hacker is yet to respond or act following Harvest Finance’s statements.
The attack gave light to a concerning DeFi exploit
The hacker responsible for the attack on Harvest Finance utilized the ‘flash loan’ scheme to alter DeFi prices to his or her will. It is a particular technique that enables traders to take on hefty leverages without consequent downsides. Many believe that this explains the massive drop off of FARM’s market value as well as the total value locked (TVL) of the protocol itself – plummeting to less than $430 million from its $1 billion TVL prior to the attack.
According to Etherscan, the flash loan DeFi exploit was performed via a series of arbitrage trades between three prominent DeFi protocols – Harvest Finance, Curve Finance, and Uniswap. The hacker started the attack by withdrawing a $50 million USDC flash loan on Uniswap, which he or she then swapped between USDT and USDC. The wild swapping of the tokens then drove its prices to fluctuate, causing the price of USDT to drop on Harvest Finance massively.
The attacker then took advantage of this and immediately swapped the discounted USDT for the stablecoins taken out via the flash loan. It is believed that the attacker did the whole process over and over again, with each successful swap converted to ether (ETH), then renBTC, and finally, Bitcoin (BTC).
Now that DeFi has been made aware of this latest elaborate exploit, a change in the surging sector is perhaps imminent.