This article was first published on Stories by ælf on Medium
-----
On October 26, Harvest Finance, a project with a total volume locked (TVL) of more than $1 billion, was attacked by anonymous hackers. So far, the attack has caused about $24 million in losses, with many holders claiming to have lost more than 15% of their funds. Affected by this news, $FARM, the native token of Harvest, tumbled by 65% in less than an hour, according to CoinGecko.
Influencers in DeFi suggested that users withdraw their money first to make sure it’s safe. In addition, Harvest has advised users to stop depositing in the Stablecoin pool and the BTC pool.
At the time of writing, the volume locked in Harvest contract has fallen to $599M, down by 46.42% compared to 24 hours earlier.
The hack came a day after DeFi watcher Chris Blec revealed the huge risks involved in the Harvest project: the more than $1 billion funds in contracts were entirely controlled by anonymous developers. It is suspected that the development team has been deliberately hiding this fact.
Ma Haobo, founder and CEO of aelf, expressed his own speculation on this matter: the first thing you need to know is that P2P (peer-to-peer) can borrow a lot of money without collaterals. No matter how little slippages there are in AMM, they always exist. Moreover, although the slippage of the Curve’s graph between the two tokens is relatively low, there will still be uncontrollable events in extreme cases.
Ma Haobo speculated that the hackers may have borrowed a large amount of money using P2P, and then pushed Curve’s price to outrageous levels. After that, they went to Harvest for unilateral depositing at a risk price (deposit in the case of losing money). Then they used Curve to redeem the money. In this way, Harvest lost money, and hackers profited. Curve’s price also fluctuated ...
-----
To keep reading, please go to the original article at:
Stories by ælf on Medium
Comments (No)