2020-10-26 12:15 |
By now, everyone knows that the DeFi sector has been the center of the attention of the crypto industry in 2020. The sector has grown by billions and billions of dollars in only a few months. However, just like it started attracting new users and investors, as well as their money — it also started attracting hackers interested in stealing that money.
This is exactly what happened to a DeFi protocol known as Harvest Finance.
What happened?According to new information, someone managed to hack the project by exploiting a vulnerability of the entire DeFi ecosystem. The flaw allowed them to steal as much as $24 million from Harvest Finance, a yield aggregator to provides liquidity to a number of other DeFi pools.
From what the project shared on Twitter, hackers seemingly managed to leverage the project’s mechanism in Curve’s Y pool, and conduct an attack.
The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large amount of assets through harvest.
To protect users, we've pulled y pool and btc curve strategy funds to the vault
Allegedly, hackers were able to stretch the price of the Curve Y pool’s stablecoins through arbitrage manipulation, using a $50 million flash loan. After that, they used Bitcoin and stablecoin pools on Harvest Finance itself to get an even greater amount of stablecoins, while providing highly-priced coins on Curve.
The whole attack took only around seven minutes, and during that time, the attackers managed to walk away with $24 million.
The volume of trading on USDT and USDC on Curve went up from $10 million to above $2.7 billion at the time of the attack.
Another attack using a well-known methodThis is also not a new method, as the attack itself and its nature were already discussed at length in an Imperial College London’s academic paper. The paper explains exactly how flash loans could be used for manipulating token pairs’ prices, which would lead to a liquidity drain.
This attack is also extremely similar to the one that hit Eminence, during which a hacker managed to steal $15 million. As many may remember, this incident came with an interesting twist, as the attacker ended up sending half of the stolen money to an address belonging to the project’s lead developer.
The same happened this time, although the attackers did not send half of the money back, but only 10% of what they stole. While some believe that this might be the attackers’ signature move, others consider it a new trend that developers might be adopting.
“The attacker” sent some funds back because they’re such nice people. If this isn’t strong evidence that “the attacker” and “the devs” are the same then I don’t know what is. https://t.co/lNcE2DkcA6
— Riccardo Spagni (@fluffypony) October 26, 2020The post DeFi project Harvest Finance loses $24 million to hackers appeared first on Invezz.
Similar to Notcoin - TapSwap on Solana Airdrops In 2024
Money ($$$) на Currencies.ru
|
