Harvest Finance Token Plummets 65% After Attack Saps DeFi Site of TVL

A possible exploit in DeFi protocol Harvest Finance has caused the site's TVL to drop sharply, along with the price of its FARM token.

Oct 26, 2020 at 5:28 a.m. UTC
Updated Sep 14, 2021 at 10:23 a.m. UTC

UPDATE (Oct. 26, 17:29 UTC): Twelve hours later, here’s what is known about the exploit so far.

A possible exploit in decentralized finance (DeFi) protocol Harvest Finance has sent the platform’s native token, FARM, tumbling by 65% in less than an hour, according to CoinGecko.

According to reports surfacing early Monday, upwards of $25 million in value has been drained from Harvest Finance pools and swapped for renBTC (rBTC) by an unknown attacker. Other funds have been mixed through Tornado Cash, an Ethereum obfuscation software. Following the attack, investors appear to have pulled roughly $350 million from the site.

“We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime (sic) as soon as additional details are available,” the anonymous team behind Harvest Finance said in a tweet.

The team further said the “economic attack” was made possible by manipulating stablecoin prices on Curve Finance, another DeFi protocol that Harvest Finance contracts interact with. 

The project’s admins claim to have withdrawn “100% of stablecoin and BTC curve strategy funds” to the vault and “are moving to block deposits to the Stablecoin and BTC vault,” the Harvest Team said in the project’s Discord at 4:45 UTC.

Harvest Finance did not return questions by press time.

The attack comes after DeFi analyst Chris Blec claimed Harvest Finance’s administrators held an “admin key that can drain funds” locked in the protocol’s contracts. It’s unclear at this stage in the exploit what role the admin key or the anonymous team behind the protocol have to do with the sudden drain in assets. Blec did not return a request for comment by press time.

Harvest Finance had over $1 billion in total value locked (TVL) just prior to the possible exploit being unveiled. TVL has dropped to $673 million as of 5:00 UTC, according to DeFi Pulse

This is a developing story and will be updated when more is known.

The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
Musk Sets New Condition for Twitter, Citi Says Terra’s Fallout Unlikely to Hit Wider Financial System

The most valuable crypto stories for Tuesday, May 17, 2022.

The most valuable crypto stories for Tuesday, May 17, 2022.

2
Market Wrap: Cryptos and Stocks Mixed Amid Bearish Sentiment

BTC is stabilizing around $30K while stock market volatility begins to fade.

BTC is stabilizing around $30K while stock market volatility begins to fade.

3
New Data Shows Underground Bitcoin Mining Thriving in China

The U.S. has also expanded its lead in the global hashrate competition.

The U.S. has also expanded its lead in the global hashrate competition.

4
Bitcoin sube a $30K, con una resistencia en $35K

BTC está en camino de registrar una señal de impulso positivo en el gráfico diario.

BTC está en camino de registrar una señal de impulso positivo en el gráfico diario.