- Harvest Finance said that it will provide a 100k bounty to the first person or team to reach out to the attacker
- The company admits its mistake on twitter and admits that they left the door open for the attacker
Harvest Finance, a decentralized finance service (DeFi protocol) was hacked for $24million worth of cryptocurrency assets by a hacker. Harvest Finance is a platform where users invest in cryptocurrency and then farm the price variations for small profits yields.
Announcing about the attack on their Twitter account, Harvest Finance said that it will provide a 100k bounty to the first person or team to reach out to the attacker.
The hacker targeted the protocol’s liquidity pools, performing an arbitrage attack, using a large flash loan, which is a type of uncollatralised the loan. The attack was completed in a mere 7 minutes and the company got to know about the fraud immediately. Having said that, the hacker somewhat later returned $2.5 million. It is said that the attacker is well known in the crypto community and the company has urged the members to convince the attacker to return the money stolen.
The company had informed that the attacker manipulated prices on one money Lego (curve y pool) to drain another money Lego farm USDT and farm USDC several times. He then converted the funds to ren BTC (platform used on Ethereum blockchain) and exited to bitcoin as reported by Bitcoin.com.
According to CoinGecko data, the hack cut down the prices of Harvest Finance and the company’s token fell to 54%, to $101.79. The amount of money locked in the protocol also dropped to $575million from $1 billion on October 25. The investors pulled their deposits as soon as the news of theft broke out.
According to the Harvest Finance administrators’ investigation the hacker had stolen $13 million USDC coin and $11 million Tether coins (USDT). However, after 2 minutes of the attack, the hacker returned some amount but the reason of this action is not clear.
The company on its Discord channel had posted a message which claimed that hacker left a significant amount of personally identifiable details. This tells that he is a well known one in the crypto community. The company admits its mistake on twitter and admits that they left the door open for the attacker to return the funds without any consequences. The three month old company is not willing to dox the cyber criminal and has offered a $100,000 bounty for anyone to reach out to the attacker and convince to return the funds.
The attack on Harvest Finance comes just 6 weeks after an attacker made off with $8.1million in bitcoin another from DeFi protocol, BZX. However, they managed to recover the funds.