DeFi Harvest Finance Total Value Locked Halves & FARM Tanks Following ‘Economic Attack’

Another day, another DeFi exploit. It was last week that the less than two-month-old Harvest Finance saw its total value locked (TVL) surge to $1.175 billion. And today, it has fallen under $600 million.

This has been the direct result of the exploit in the decentralized finance (DeFi) protocol. The same has been the case for its token FARM that lost over 67% of its value in less than an hour, currently trading at $107.

The reports of the exploit surfaced online early Monday in which about $24 million has been drained from the pools of Harvest Finance. Out of this, $2.47 million has been sent back to the deployer in the form of USD and USDC that will be “distributed to the affected depositors pro-rata.”

The attack comes after last week a DeFi analyst claimed the project's administrators held an “admin key that can drain funds.” In response, the Harvest Finance team said, “No one can spend 1B, it's not useful.”

An Economic Attack

“We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools,” wrote the anonymous team behind the project on Twitter.

The unknown attacker swapped the funds for renBTC, and others have been mixed through Tornado Cash, an Ethereum obfuscation software.

The team further shared that the “economic attack” was made by manipulating the price of the stablecoins on curve y pool, and no other pools are affected. Now, to protect users, the team has “pulled y pool and BTC curve strategy funds to the vault.”

“Like other arbitrage economic attacks, this one originated with a large flashloan, and manipulated prices on one money lego (curve y pool) to drain another money lego (fUSDT, fUSDC), many times. The attacker then converted the funds to renBTC and exited to BTC,” that took just 7 minutes end to end, explained the team.

A list of 10 BTC addresses of the flashloan attacker, which has all the hacker’s funds, has been shared by the team, which is asking the cryptocurrency exchanges to blacklist.


The team also shared that they have a “significant amount of personally identifiable information on the attacker.” The hacker is reportedly a well-known figure in the crypto community. But they “aren’t interested in doxxing the attacker, your skill and ingenuity is respected, just return the funds to the users,” the team said.

A 100k bounty has also been announced for the first one to reach out to the attacker.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide