27 October 2020

Cryptocurrency service 'Harvest Finance' offers $100K bounty after massive hack


Cryptocurrency service 'Harvest Finance' offers $100K bounty after massive hack

Harvest Finance, a major decentralized finance protocol, has suffered a cyber-attack on Monday, in which a hacker has reportedly stolen nearly $24 million worth of cryptocurrency assets.

Harvest Finance administrators have confirmed the hack in a series of messages on the company’s Twitter account and Discord channel.

“Like other arbitrage economic attacks, this one originated with a large flashloan, and manipulated prices on one money lego (curve y pool) to drain another money lego (fUSDT, fUSDC), many times. The attacker then converted the funds to renBTC and exited to BTC… Like other flashloan attacks, the attacker did not give time to respond, performing the attack in 7 minutes end to end,” the company said.

In total, the hacker stole $13 million worth of USD Coin (USDC) and $11 million worth of Tether (USDT). According to the company, the hacker has returned back some of stolen funds ($2,478,549.94 in form of USDT and USDC). Harvest Finance said these will be “distributed to the affected depositors pro-rata using a snapshot.”

The company claims it has identified the BTC addresses which hold the stolen funds, as well as “significant amount of personally identifiable information on the attacker, who is well-known in the crypto community.” Harvest Finance has now issued a $100,000 bounty for the first person or team to “reach out to the attacker” and help to return the funds. The company also said it is not interested in doxxing the attacker, and that the company’s goal is to return stolen assets to the users.

Back to the list

Latest Posts

Hacker leaks usernames and passwords for nearly 50K vulnerable Fortinet VPN devices

Hacker leaks usernames and passwords for nearly 50K vulnerable Fortinet VPN devices

The data dump contains usernames, passwords, access levels, and the original unmasked IP addresses of users connected to the VPNs.
26 November 2020
FBI warns of spoofed FBI-related websites

FBI warns of spoofed FBI-related websites

Spoofed domains and email accounts could be used by foreign actors and cybercriminals to spread false information, deliver malware, or collect sensitive data.
25 November 2020
Chinese APT Mustang Panda resumes efforts to collect intel on Vatican

Chinese APT Mustang Panda resumes efforts to collect intel on Vatican

In the latest campaign the treat actor was observed using updated toolset in order to evade detection.
25 November 2020