A possible exploit in the decentralized finance (DeFi) protocol Harvest Finance sent the platform’s native token, FARM, dropping 65% in less than an hour, according to CoinGecko.
According to reports Appearing early Monday, more than $ 25 million in value was drained from Harvest Finance pools and traded for renBTC (rBTC) by an unknown attacker. Other funds were mixed through Tornado Cash, an Ethereum obfuscation software. As a result of the attack, investors appear to have withdrawn approximately $ 350 million from the site.
“We are actively working on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update this feed in real time as more details become available,” said the anonymous team behind Harvest Finance. tweeter.
The team further stated that the “economic attack” was made possible by manipulating stable prices on Curve Finance, another DeFi protocol with which Harvest Finance contracts interact.
Project administrators claim to have withdrawn “100% of stablecoin and BTC curve strategy funds” to the vault and “move to block deposits to the Stablecoin and BTC vault,” the Harvest team said in Project Discord at 4:45 UTC.
Harvest Finance did not return the questions to press time.
The attack comes after DeFi analyst Chris Blec claims Harvest Finance administrators held an “administration key that can drain funds” locked away in protocol contracts. It’s unclear at this point in the exploit what role the admin key or the anonymous team behind the protocol has to do with the sudden asset leak. Blec did not return a request for comment before press time.
Harvest Finance had over $ 1 billion in total locked-in value (TVL) just before the possible exploit was unveiled. TVL fell to $ 673 million at 5:00 UTC, according to DeFi Pulse.
This is a developing story and will be updated as more is known.