The DeFi industry was surrounded by a shock when Harvest Finance protocol was exploited using the flash loans. Soon after the attack, the investigation was done which revealed that the attacker had used arbitrage to exploit the protocol. It took only 7 minutes for the hacker to attack the protocol and within those seven minutes, it took away $24 million. According to the firm, the total loss that the firm has faced due to this attack is around $33.8 million. This amount is equal to 3.2% of the total value locked in the protocol.
Harvest Finance Requested the Attacker to Return Funds
Shortly after the attack took place, the Harvest Finance team has admitted that they made an engineering error while designing the protocol. This error has made a huge contribution to this attack. Currently, the firm is trying out measures for all the users who were affected in the attack. The firm has also requested the hackers to return the funds so that they can use them to compensate the affected users.
Harvest Finance team stated:
“We made an engineering mistake, we own up to it. Thousands of people are acting as collateral damage, so we humbly request the attacker to return funds to the deployer, where it will be distributed back to the users in its entirety.”
$100k Bounty For Helping the Firm to Recover Funds
Harvest Finance has claimed to have some information about the hacker and they have announced a bounty for anyone that will help in recovering the funds. According to the announcement, the firm will offer a $100k bounty for returning the funds. Along with this, the bounty will be increased to $400k if the firm will receive the return within 36 hours.
It is also revealed that the attacker who exploited Harvest Finance has made several transactions in an address that belongs to Binance. As the DeFi market is currently flourishing to a very great extent, it is believed that there might be other attacks as well.
Flashloan attacker's 10 BTC addresses:
— Harvest Finance (@harvest_finance) October 26, 2020