Alert - Harvest Finance (FARM) $24 Million Exploit

Harvest Finance, the Kava blockchain-powered decentralized cross-chain money market faced an arbitrage economic attack. According to Harvest Finance, the attack originated with a large flash loan and led to a $24 million exploit by the hacker. Out of the whopping $24 million, the hacker sent $2.5M back to the deployer.

The Harvest Finance attack manipulated the prices on Curve ypool to drain fUSDT and fUSDC money lego. These funds were immediately converted to WBTC then renBTC and cashed out in real bitcoin.

Fear grips FARM holders

Just 2 hours prior to the attack, Harvest Finance proudly tweeted that the farmers had made an annual profit of $69 million. Additionally, the protocol was generating profit share annual percentage yield (APY) of over 410%. But at the time of press, the panic is sky high and farmers are pulling money out of the protocol.


Could this be an insider job?

DeFi Analyst Chris Blec claims that this could be an insider’s job. A couple of days back Chris warned farmers that the Harvest Finance administrators held a very powerful key. Using this key, the administrators can drain the funds anytime.

The rest of the funds are safe

Harvest Finance agrees that the hacker has sent $2,478,549.94 to the deployer in the form of USDT and USDC. According to the official tweet, the admin will distribute this amount to affected depositors on pro-rata bases. At the time of the press, all funds in Curve were withdrawn to the stabilized vault. Additionally, the BTC and stablecoin deposits stand disabled.

Furthermore, Harvest Finance tracked down 10 bitcoin accounts that received the hacked coins. It has requested Binance, Coinbase, Huobi, OKEx, Kraken, FTX, Bitfinex, and Bittrex to blacklist these addresses.

A big bug

A Twitter handle that goes by @pancakebunnyfin claims to have identified an implementation bug and a design mistake. According to the tweets, the bug seems to facilitate deposits of all contracts other than the greylist contracts. Additionally, there is an arbitrage check function in the strategy but the tolerance is not high enough.


Questionable DeFi audit

Harvest Finance is an audited DeFi protocol. The blockchain security and data analytics company PeckShield Inc. conducted the audit. If the bugs and design flaws pointed out by @pancakebunnyfin are accurate, PeckShield might also face the burn.

However, at the time of press PeckShield claims that this is the Harvest protocol design format.

FARM price

In the last 4 hours, the FARM token faced a major price dump of over 58%. At the time of the press, the FARM token is trading close to $97.

For the latest crypto-related updates do check out our Altcoin Buzz YouTube channel.



Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.