Harvest Finance Says Attacker Behind Hack -‘Well-Known in Community; Puts $100K Bounty

Harvest Finance has been in the spotlight for quite some time, and not for good reasons. According to the latest reports that emerged in the early hours of Monday morning, the DeFi yield farm protocol has been drained by nearly $24 million from its pools and swapped for renBTC [rBTC].

Confirming the news of the hack, Harvest Finance revealed “working actively” on the issue of mitigating the economic attack on the stablecoin and BTC pools. The hacker reportedly used Tornado Cash, which happens to be a privacy tool for obfuscating the history of Ether.

Following which the hacker[s] reportedly sent back nearly $2.5 million to the deployer in the form of Tether [USDT] and USD Coin [USDC]. These, according to Harvest Finance will be distributed to the affected depositors pro-rata using a snapshot. Besides, the attack was made possible by manipulating stablecoin prices on another DeFi platform, Curve Finance.

The Harvest Finance team joined forces with Ren Protocol to locate Bitcoin addresses where the funds were transferred. Harvest Finance’s representatives had also asked major exchanges to freeze the allegedly stolen funds and block the addresses.

Bounty Hunt

Harvest Protocol further tweeted,

“We will release a post mortem report within the next 16 hours, and work on future risk-mitigation strategies against flashloan economic attacks, including evaluating insurance options, as well as reparation strategies. For the attacker: you’ve proven your point, if you can return the funds to the users, it would be greatly appreciated by the community, including many bystanders watching DeFi from afar”

Furthermore, Harvest Finance stated that there was a “significant amount of personally identifiable information on the attacker”, who is “well-known” in the crypto community. Additionally, the platform went on to say that it was putting out a 100k bounty for the first person or team to reach out to the attacker. It further tweeted,

“We are not interested in doxxing the attacker, your skill and ingenuity is respected, just return the funds to the users”

Harvest Finance is yet another DeFi protocol that seeks the highest-earning pools to farm, a concept very similar to Yearn Finance. The latest news comes just a day after popular DeFi analyst Chris Blec claimed that the platform held just one “admin key” that can potentially drain funds locked in the protocol’s contracts.

Reena Shaw: Reena Shaw is a TWJ full-time writer on crypto-currency. A Journalism graduate, her research focuses on legislation and policy-making in the cryptocurrency market.