Harvest Finance Attack Inflated The Price Of Tokens On Curve Finance

The harvest finance attack inflated the price of some tokens in the DeFi space, but the FARM token dropped by 60% at the time of writing. Following the latest developments, we are reading more in the latest altcoin news.

Harvest finance was attacked by using flash loans exploit which led to millions of dollars worth of FARM token getting stolen by hackers and the prices falling over 60%. The team explained in a tweet:

 “The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large number of assets through harvest.”

We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available

— Harvest Finance (@harvest_finance) October 26, 2020

Attackers exploited the network using a “flash loan” feature which is a tool used to lend assets to crypto-traders for zero collateral as long as the transaction is included in a single block. By taking out a huge loan, in the harvest finance attack, the hackers inflated the price of some tokens on Curve Finance and used it to falsely extract tokens from the platform. Block explorer data showed that the attackers managed to accumulate more than $24 million for their effort. Harvest Finance noted that the exploit was similar to some other economic attacks but the one from this morning originated with a large flash loan and manipulated the prices on one money lego to drain other money lego a few times:

 “The attacker then converted the funds to renBTC and exited to BTC.”

Later on, during the Eminence evolution, the attackers sent back over $2.4 million to the developers in the form of USDC and USDT. The amount will be distributed to the affected depositors pro-rata by using a snapshot as the harvest team said. However, the move attracted suspicion from some quarters as the former Monero lead Riccardo Spagni:

“The attacker” sent some funds back because they’re such nice people. If this isn’t strong evidence that “the attacker” and “the devs” are the same then I don’t know what is. https://t.co/lNcE2DkcA6

— Riccardo Spagni (@fluffypony) October 26, 2020

Qiao Wang on the other hand stated that the move was a setback for the Defi space:

 “Really wanted to see anon/pseudon teams succeed in crypto but so far we still only have BTC and arguably XMR I think. Harvest is a huge setback for anon DeFi.”

Uniswap's volume just had a massive outlier and spiked from $148M yesterday to $2 billion today. Why? The $FARM exploiter is running money through Uniswap. Good day for Uniswap LPs. pic.twitter.com/g4HQ3sHFU7

— Larry Cermak (@lawmaster) October 26, 2020

In the meantime, the Block director Larry Cermak noted that the exploits led to a temporary resurgence of trading volume on the decentralized exchange protocol Uniswap as the exchange suffered in the past few weeks and had its volume trickle down to less than $150 million in a day until this morning.