Harvest Finance, a decentralized finance (DeFi) project led by an anonymous team, was attacked using a flash loan exploit earlier today leading to millions of dollars worth of FARM tokens stolen by hackers and its prices falling over 60% at press time.
“The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large number of assets through harvest,” explained the Harvest Finance team in a tweet.
Attackers seemingly exploited the network using a “flash loan” feature — a tool used to lend assets to crypto-traders for zero collateral as long as the entire transaction is included in a single block.
Simply put, by taking out a huge loan, attackers inflated the price of some tokens on Curve Finance (another stablecoin DeFi project) and used it to falsely extract tokens from Harvest. Block explorer data showed the attackers managed to accumulate over $24 million for their effort.
Harvest Finance noted that the exploit was similar to other arbitrage economic attacks, the one from this morning originated with a large flash loan, and “manipulated prices on one money lego (curve Y pool) to drain another money lego (fUSDT, fUSDC), many times.”
“The attacker then converted the funds to renBTC and exited to BTC,” the team said in a tweet.
Later on, in an Eminence-esque move, the attackers sent back over $2.4 million to the deployer in the form of USDT and USDC. This amount will be distributed to the affected depositors pro-rata using a snapshot, the Harvest team said in a tweet. However, the move attracted suspicion from some quarters, such as former Monero lead Riccardo Spagni:
Some like Ex-Messari product head Qiao Wang stated the move was a setback for the anonymous DeFi space:
“Really wanted to see anon/pseudon teams succeed in crypto but so far we still only have BTC and arguably XMR I think. Harvest is a huge setback for anon DeFi.”
Meanwhile, The Block director of research Larry Cermak noted on Twitter that the exploits led to a temporary resurgence of trading volume on decentralized exchange protocol Uniswap. The DEX has suffered in the past few weeks and had its volume trickle down to under $150 million a day — until this morning.
The exploit is the latest in a series of DeFi projects that have been attacked or manipulated this year, such as bZx Protocol, Sushiswap, and others.
The post Uniswap volumes bump to $2 billion after attack on DeFi project Harvest Finance appeared first on CryptoSlate.
Source: Uniswap volumes bump to billion after attack on DeFi project Harvest Finance