Main navigation

Another DeFi Disaster: Attacker Drains $24 Mln from Harvest Finance, FARM Token Tanks

Mon, 10/26/2020 - 06:09
article image
Alex Dovbnya
The decentralized finance sector suffers another major setback with Harvest Finance
Another DeFi Disaster: Attacker Drains $24 Mln from Harvest Finance, FARM Token Tanks
Cover image via
Read U.TODAY on
Google News

Decentralized yield farming protocol Harvest Finance has lost $24 mln after being successfully exploited by a hacker. $2.5 mln has been already sent back to the deployer.

Whoever hacked the protocol is currently converting his or her ill-gotten gains to renBTC, a popular synthetic version of Bitcoin, and Tornado Cash, a zkSNARKs-based privacy tool for obfuscating Ethereum transactions.      

In its statement, Harvest Finance explains that the attack was carried through the Curve Finance Y pool that allows earning interest by depositing stablecoins and Bitcoin:           

“The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large amount of assets through harvest.”

All of the protocol’s stablecoin and Bitcoin strategy funds have been withdrawn to its vault.   

Harvest Finance’s FARM governance token has collapsed over 60 percent, according to CoinGecko data.   

Image by

DeFi Pulse data also shows that the protocol has hemorrhaged over $369.8 mln worth of total value locked.     

Image by

DeFi Speculators Pour $15 Mln Into Unknown Protocol. Things Went Terribly Wrong
The attack underscores the fragility of DeFi protocols that routinely face similar attacks. Entrepreneur and quant trader Qiao Wang calls the Harvest Finance incident “a huge setback” for DeFi:

“Really wanted to see anon/pseudon teams succeed in crypto but so far we still only have BTC and arguably XMR I think. Harvest is a huge setback for anon DeFi.”

Prior to the hack, the Chinese protocol would face plenty of criticism due to its centralized key management model, with its anonymous founders singlehandedly controlling over $1 bln of assets. 

Some of the protocol users are complaining about being kicked from the protocol’s Discord channel after asking about the attack. 

article image
About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, can be contacted at