Harvest Finance, a major decentralized finance protocol, has suffered a cyber-attack on Monday, in which a hacker has reportedly stolen nearly $24 million worth of cryptocurrency assets.
Harvest Finance administrators have confirmed the hack in a series of messages on the company’s Twitter account and Discord channel.
“Like other arbitrage economic attacks, this one originated with a large flashloan, and manipulated prices on one money lego (curve y pool) to drain another money lego (fUSDT, fUSDC), many times. The attacker then converted the funds to renBTC and exited to BTC… Like other flashloan attacks, the attacker did not give time to respond, performing the attack in 7 minutes end to end,” the company said.
In total, the hacker stole $13 million worth of USD Coin (USDC) and $11 million worth of Tether (USDT). According to the company, the hacker has returned back some of stolen funds ($2,478,549.94 in form of USDT and USDC). Harvest Finance said these will be “distributed to the affected depositors pro-rata using a snapshot.”
The company claims it has identified the BTC addresses which hold the stolen funds, as well as “significant amount of personally identifiable information on the attacker, who is well-known in the crypto community.” Harvest Finance has now issued a $100,000 bounty for the first person or team to “reach out to the attacker” and help to return the funds. The company also said it is not interested in doxxing the attacker, and that the company’s goal is to return stolen assets to the users.