Harvest Finance is now offering a $100,000 bug bounty for anyone to identify the hacker.
The DeFi sector has been the favorite target of attackers this year. And why wouldn’t it be as the industry is growing by billions of dollars each month, and that’s why it is attracting not only investors but hackers too.
The latest to be targeted by malicious threat actors is the decentralized finance (DeFi) protocol called Harvest Finance.
Harvest Finance was exploited early morning on Monday UTC. The company took to Twitter to explain what happened. The company claim that hackers exploited a DeFi ecosystem vulnerability present in the Curve’s Y pool mechanism and stole approx. $24 million.
Later the attacker returned around $2.5 million to the project for unknown reasons. The entire feat took about 7 minutes only.
See: Hacker returns $25 million after their IP address is exposed
It is a yield aggregator protocol like the YFI that collects yields from various lending protocols and offers depositors maximum return after optimizing the funds for the maximum. It provides liquidity for several DeFi pools.
Harvest claims that using a $50m flash loan, the attacker(s) could stretch the Curve Y pool’s stablecoin price via arbitrage manipulation. Exploiting the price manipulation on the Curve Y pool; the attacker drained Farm USDT and Farm USDC tokens from Harvest Finance and converted them to renBTC tokens and later to Bitcoin.
The attackers then used Bitcoin and Stablecoin pools on Harves ..
Support the originator by clicking the read the rest link below.
