Decentralized finance (DeFi) protocol Harvest Finance has issued a $100,000 bounty on a hacker who attacked the protocol’s liquidity pools. The hacker reportedly drained about $24 million from Harvest Finance and then converted the funds to renBTC. The attack has caused the protocol’s native token, FARM, to plummet in price.
Harvest Finance has also appealed directly to the attacker to return funds. “For the attacker: you’ve proven your point, if you can return the funds to the users, it would be greatly appreciated by the community, including many bystanders watching DeFi from afar,” the DeFi protocol said in a tweet.
As Harvest Finance became aware of the attack, they took several steps to protect users. Again via their Twitter account, the DeFi protocol announced that 100% of Stablecoin and BTC curve strategy funds were withdrawn from the strategy to a secure vault. In addition, the protocol advised that they were “moving to block deposits to the Stablecoin and BTC vault.”
The attack itself, however, barely gave the protocol enough time to react, reportedly taking place in just seven minutes from start to finish.
According to Harvest Finance, there is already enough information available to identify the attacker. In a tweet published today, the DeFi protocol said “there is now a significant amount of personally identifiable information on the attacker, who is well-known in the crypto community.”
As the fallout from the hack continued, Harvest Finance published 10 BTC addresses, claiming that “all of the hacker’s funds are in [these] wallets.” In an additional tweet, the protocol called on major crypto exchanges, including Binance, to blacklist these addresses.
The growing specter of DeFi hacks
The attack on Harvest Finance is the latest in a succession of hacks and other vulnerabilities that have plagued the decentralized finance community in recent months. In August of this year, DeFi protocol Opyn was stripped of $370,000. In September, the $FEW scandal, caused by leaked Telegram messages, attracted criticism from the community.
“As the DeFi space is still in its infancy, we are seeing the type of attacks mature,” Charles Storry, co-founder of PhutureDAO, told Decrypt, adding that “open innovation within DeFi is key, losing funds with untested and unsecure code is not what DeFi is about.”
Going forward, Harvest Finance has pledged to release a post-mortem report, and “work on future risk-mitigation strategies against flash loan economic attacks, including evaluating insurance options, as well as reparation strategies.”
We have contacted Harvest Finance and will update this story if we hear back from them.