Hacker stole $24 million from cryptocurrency service Harvest Finance


In another major blow to the decentralized finance (DeFi) sector, a hacker on Monday reportedly stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance, a web portal that lets users automatically “farm” assets for the highest returns in other DeFi projects.

The attacker reportedly targeted the protocol’s liquidity pools, performing an arbitrage attack using a flash loan, a method that enables a trader to take on massive leverage without any downside. The hacker, however, later returned some $2.5 million.

In a tweet, Harvest Finance said the hacker “manipulated prices on one money lego (curve y pool) to drain another money lego [farm USDT (fUSDT), farm USDC (fUSDC)], many times. The attacker then converted the funds to renBTC and exited to bitcoin.”

RenBTC is a bitcoin-backed token issued on Ethereum by Ren Protocol. Coindesk reported that Harvest’s native token, Farm, dropped by 65% in less than an hour after fretful investors pulled their deposits. It was followed by the project’s total value locked (TVL) plunging from over $1 billion to $430 million.

After the hack, the funds were eventually swapped for bitcoin (BTC), but not before being swept through Tornado Cash, Ethereum’s mixing service.

The hacker is reportedly well-known in the crypto community

Based on the project’s Discord, the person behind the hack was reportedly well-known in the crypto community after leaving a significant amount of personally identifiable information. All seven bitcoin wallets holding the attacker’s funds are also known.

In a series of tweets, Harvest Finance said the hack took place because of a mistake on its part and left the door open for the hacker to return the funds without any consequences.

“We made an engineering mistake, we own up to it. Thousands of people are acting as collateral damage,” Harvest Finance said.

“We do not have any interest in doxing the attacker, (or arbitrageur). People should have their privacy,” it said. “You’ve proven your point. If you can return the funds to the users, it would be greatly appreciated by the community, and let’s move on.”

DeFi is a fusion of traditional bank services with decentralized technologies such as blockchain. Due to its inclusive format, it also goes under the name Open Finance. The community pushes to build alternatives to financial services that are currently present, which include items such as checking and savings accounts, asset trading, insurance, and loans, among others.

