Harvest Finance Hacked for $24 Million, Puts Bounty on Alleged Attacker

Share Article
In Brief
  • Defi protocol Harvest Finance has allegedly been hacked losing $24 million worth of value.

  • The protocol's token, FARM, has lost almost 50% of its value since the incident.

  • Harvest has stated that it will release a full post-mortem report in the near future.

  • promo

    Want to know more? Join our Telegram Group and get trading signals, a free trading course and daily communication with crypto fans!

The Trust Project is an international consortium of news organizations building standards of transparency.

According to reports on Oct 26. 2020, nearly $24 million in value has been siphoned from the liquidity pools of Harvest Finance, a major decentralized finance (DeFi) protocol.



Harvest Finance subsequently confirmed the hack, stating that the protocol is “working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools.”

According to the initial tweet, the attacker swapped the stolen crypto for renBTC (rBTC) and used Tornado Cash to mix with other funds. They also returned $2.5 million, the reason for which was not immediately clear.

In response to the breach, investors rushed to get their money out, and so far, appear to have pulled roughly $350 million from Harvest. According to CoinGecko data, the result has been a more than 50% drop in the value of FARM, the platform’s native token.

Such hacks are commonplace in crypto, but the aftermath of the alleged Harvest hack is somewhat unique. In a tweet not long after the incident, Harvest Finance announced that they had enough data to identify the attacker, who is “well-known in the crypto community.”



According to the tweet, Harvest has no interest in taking punitive action against the attacker, writing, “we are not interested in doxxing the attacker, your skill and ingenuity is respected, just return the funds to the users.”

The hack occurred just a day after DeFi analyst Chris Blec issued a warning about Harvest Finance. Blec’s main allegation was that Harvest administrators hold an admin key that could drain the funds inside the protocol’s smart contracts. Whether or not the admin key played a role in this situation remains unclear, although Harvest referred to the incident as a “flash loan economic attack.”

Neither Blec nor the project’s administrators responded to requests for additional comment. Harvest did, however, indicate that a more detailed explanation would be forthcoming, tweeting, “We will release a post mortem report within the next 16 hours, and work on future risk-mitigation strategies.”

Share Article

Colin is a writer, researcher, and content marketer with a keen interest in the future of money. His writing has been featured in numerous cryptocurrency publications, and his holdings don't amount to more than a handful of BAT.

Follow Author

Daily signals, Bitcoin analytics and traders chat. Join our Telegram today!

Let’s Go
Daily signals and Bitcoin analytics.