
Another day, another DeFi hack; early this morning, Harvest ($FARM) was exploited for over $24 million. The exploit took place just a few hours after DeFi analyst Chris Blec published a statement that warned of the vulnerabilities in the Harvest protocol.

https://twitter.com/ChrisBlec/status/1320375400141328384

The attacker was able to exploit Harvest by manipulating stablecoin prices on the contracts that the Harvest protocol interacts with. Once the stablecoin prices had been moved in the attacker's favor, the attacker drained Harvest protocol’s liquidity pools and subsequently converted the stolen funds to renBTC.

Not many technical details are known about the hack at the moment, but the Harvest team has put up a $100,000 bounty that will go to the individual who can identify the hacker and says they will release a post mortem report sometime today.

DeFi has a (few) loopholes

Many DeFi smart contracts rely on external smart contracts, which gives hackers multiple attack vectors. When a smart contract must communicate with other smart contracts, it no longer matters if the main smart contract you are interacting with is secure. Attackers, like the individual(s) who exploited Harvest this morning, can manipulate the smart contracts that the main contract communicates with to manipulate prices and subsequently drain the liquidity pool or withdraw funds.
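The dependency risk described above, as an added illustration that is not Harvest's code or taken from its contracts: a simplified Python model of a contract that values its holdings from an external pool's spot price, next to a version that rejects the price when it strays from an independent reference. The `Pool` model, the function names, the 1% tolerance and the reserve figures are all assumptions constructed for this example.

```python
from dataclasses import dataclass

MAX_DEVIATION = 0.01  # assumed tolerance: reject prices >1% from the reference


class PriceDeviation(Exception):
    """Raised when the external pool's price is too far from the reference."""


@dataclass
class Pool:
    """Hypothetical external constant-product pool of two stablecoins (no fees)."""
    reserve_a: float
    reserve_b: float

    def spot_price(self) -> float:
        # Price of A in units of B, read directly from the current reserves.
        return self.reserve_b / self.reserve_a

    def swap_a_for_b(self, amount_a: float) -> float:
        # A trade moves reserves along reserve_a * reserve_b = k, shifting the price.
        k = self.reserve_a * self.reserve_b
        self.reserve_a += amount_a
        out_b = self.reserve_b - k / self.reserve_a
        self.reserve_b -= out_b
        return out_b


def value_naive(pool: Pool, holdings_a: float) -> float:
    # Trusts whatever the external pool reports at this instant.
    return holdings_a * pool.spot_price()


def value_guarded(pool: Pool, holdings_a: float, reference_price: float) -> float:
    # Refuses to price holdings while the pool disagrees with an independent reference.
    spot = pool.spot_price()
    if abs(spot - reference_price) / reference_price > MAX_DEVIATION:
        raise PriceDeviation(f"spot {spot:.4f} vs reference {reference_price:.4f}")
    return holdings_a * spot


if __name__ == "__main__":
    pool = Pool(1_000_000, 1_000_000)   # constructed sample reserves
    print(value_naive(pool, 500_000))   # valuation before any trade
    pool.swap_a_for_b(250_000)          # one large trade against the external pool
    print(value_naive(pool, 500_000))   # same holdings, very different valuation
    try:
        value_guarded(pool, 500_000, reference_price=1.0)
    except PriceDeviation as exc:
        print("rejected:", exc)
```

In a deployed contract the reference would come from a source that a single trade cannot move, such as a time-weighted average or an independent oracle; that choice is outside this model.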

Many DeFi exploits have taken place this year, and in every instance, a “hack” or “breach” never actually occurred. Instead, the attacker had a deep understanding of how the DeFi protocol worked as well as which external smart contracts the main contract communicated with and then used that knowledge to pull all the strings attached to the main contract to make away with millions in stolen funds.

When it comes to DeFi, proceed with caution; most DeFi protocols have no real business model, have not been code-audited, and were only created to make their founding team a few dollars. With such an insecure infrastructure and no real interest in creating a long-lasting business, you should expect more DeFi exploits and rug-pulls to happen in the DeFi space.
