The decentralized finance (DeFi) space has once again come under the spotlight after another hack or exploit took place. This time, approximately $25 million worth of Ethereum-based stablecoins were stolen.
While this is not the largest hack in crypto history, this has already been branded as notable as the project that was exploited was Harvest Finance. The yield-earning platform had garnered much attention over recent weeks after a number of notable DeFi investors began to mention and use the platform. Some branded it a “Yearn.finance” competitor, comparing the two platforms to some extent.How $25m worth of Ethereum-based stablecoins were stolen from Harvest
Late on the evening of Oct. 25, Ethereum users began to notice large transactions taking place on-chain that involved a number of crucial DeFi applications: Uniswap, Curve, and Harvest Finance.
With the sheer number of these transactions taking place, it became clear that something was amok.
Analysts quickly highlighted that the attacker was likely completing some sort of arbitrage attack, where they utilized flash loans to systematically drain funds from Harvest due to inefficiencies between protocols.
A flash loan is a DeFi-native concept where a user can borrow a massive amount of capital (often stablecoins) in a single transaction without putting up collateral, then ensure they return the funds (plus an additional fee) at the end of that transaction.
One suspicious transaction is highlighted in the image below:
In all, $25 million worth of stablecoins were stolen from the Harvest Finance pools through multiple of these transactions. The stablecoins have since been converted to RenBTC, which in turn were redeemed for BTC. The attacker’s Bitcoin wallet has yet to be identified.
$2.5 million was returned to the Harvest Finance admin for an unknown reason. The latter sum will be returned to users on a pro-rata basis.
There is some fallout in ...