Harvest Finance, a decentralized finance (DeFi) project led by an anonymous team, was attacked using a flash loan exploit earlier today leading to millions of dollars worth of FARM tokens stolen by hackers and its prices falling over 60% at press time.
“The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large number of assets through harvest,” explained the Harvest Finance team in a tweet.The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large amount of assets through harvest. To protect users, we've pulled y pool and btc curve strategy funds to the vault — Harvest Finance (@harvest_finance) October 26, 2020
Attackers seemingly exploited the network using a “flash loan” feature — a tool used to lend assets to crypto-traders for zero collateral as long as the entire transaction is included in a single block.
Simply put, by taking out a huge loan, attackers inflated the price of some tokens on Curve Finance (another stablecoin DeFi project) and used it to falsely extract tokens from Harvest. Block explorer data showed the attackers managed to accumulate over $24 million for their effort.24m in profits. https://t.co/2d05Lfhx8Q pic.twitter.com/N5BkJ8A7hg — jiecut (@jiecut42) October 26, 2020
Harvest Finance noted that the exploit was similar to other arbitrage economic attacks, the one from this morning originated with a large flash loan, and “manipulated prices on one money lego (curve Y pool) to drain another money lego (fUSDT, fUSDC), many times.”
“The attacker then converted the funds to renBTC and exited to BTC,” the team said in a tweet.Like other flashloan attacks, the attacker did not give time to respond, performing the attack in 7 minutes end to end. Wallet of the attacker exiting through r...