In brief

  • Harvest Finance has placed a bounty of $100,000 on a hacker that attacked the protocol’s liquidity pools.
  • The DeFi protocol has said there is now enough information to identify the hacker.
  • The hack is the latest in a long line of growing pains experienced in the young DeFi industry.

Decentralized finance (DeFi) protocol Harvest Finance has issued a $100,000 bounty on a hacker that attacked the protocol’s liquidity pools. The hacker reportedly exploited about $24 million from Harvest Finance, and then converted the funds to renBTC. The attack has caused the protocol's native token, FARM, to plummet in price

Harvest Finance has also appealed directly to the attacker to return funds. “For the attacker: you’ve proven your point, if you can return the funds to the users, it would be greatly appreciated by the community, including many bystanders watching DeFi from afar,” the DeFi protocol said in a tweet

As Harvest Finance became aware of the attack, they took several steps to protect users. Again via their Twitter account, the DeFi protocol announced that 100% of Stablecoin and BTC curve strategy funds were withdrawn from the strategy to a secure vault. In addition, the protocol advised that they were “moving to block deposits to the Stablecoin and BTC vault.” 

The attack itself, however, barely gave the protocol enough time to react, reportedly taking place in just seven minutes from start to finish. 

Bitcoin
BTC
+1.88%$95,831.60
24H7D1M1YMAX
Created with Highcharts 10.3.312:00PMApr 2812:00PMApr 2912:00PMApr 3012:00PMMay 112:00PMMay 212:00PMMay 312:00PMMay 4$92000$93000$94000$95000$96000$97000$98000
Price data by
BTC price

According to Harvest Finance, there is already enough information available to identify the attacker. In a tweet published today, the DeFi protocol said “there is now a significant amount of personally identifiable information on the attacker, who is well-known in the crypto community.” 

As the fallout from the hack continued, Harvest Finance published 10 BTC addresses, claiming that “all of the hacker’s funds are in [these] wallets.” In an additional tweet, the protocol called on major crypto exchanges, including Binance, to blacklist these addresses. 

The growing specter of DeFi hacks

The attack on Harvest Finance is the latest in a succession of hacks and other vulnerabilities that have plagued the decentralized finance community in recent months. In August of this year, DeFi protocol Opyn was stripped of $370,000. In September, the $FEW scandal, caused by leaked Telegram messages, attracted criticism from the community.

Creators of the $FEW token say they were just joking about pumping and dumping. Image: Shutterstock

DeFi Diehards Claim Controversial FEW Token Was a Joke

A group of DeFi enthusiasts have been criticized for creating a worthless token and discussing—either jokingly or not—to dump it on the market. They claim that the whole thing was just a humorous experiment. The controversy follows a previous airdrop of MEME tokens, which, when handed out, were practically worthless. But after some people had sold their tokens, they soared in value—leaving them with a bitter taste. The FEW token was created on the back of this, in the hope of redeeming their los...

NewsDeFi
6 min read
Scott Chipolina

“As the DeFi space is still in its infancy, we are seeing the type of attacks mature,” Charles Storry, co-founder of PhutureDAO, told Decrypt, adding that “open innovation within DeFi is key, losing funds with untested and unsecure code is not what DeFi is about.” 

Going forward, Harvest Finance has pledged to release a post-mortem report, and “work on future risk-mitigation strategies against flash loan economic attacks, including evaluating insurance options, as well as reparation strategies.”

We have contacted Harvest Finance and will update this story if we hear back from them. 

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.