- Harvest Finance has called for its attacker to do the decent thing and return the $24 million they stole
- The DeFi project claimed to know who the person was but this seems to have been a bluff
- The hacker used a flashloan to manipulate the price of USDT and USDC tokens
Harvest Finance, the DeFi platform that was gamed by an arbitrage user for $24 million on Monday, seems to have admitted that its claimed knowledge of the perpetrator’s identity was a bluff. In a series of tweets accompanied by a Medium article explaining the $24 million loss, Harvest Finance has gone from magnanimously declining to doxx the arbitrager yesterday to begging him to return the funds, suggesting that their threat was simply a bluff that has not worked.
Harvest Finance Pool Values Manipulated
Harvest Finance saw its smart contracts taken for $24 million early on Monday morning when an attacker executed a theft of funds from the project’s USDC and USDT vaults. The complicated process involved the arbitrager taking out a crypto loan (flashloan) and using it to manipulate the value of USDT and USDC tokens inside Harvest Finance pools, allowing them to withdraw the tokens at a reduced value.
Initially the theft was seen as a hack or a rug pull, but investigations soon revealed that someone had worked out how to game the Harvest Finance system, much in the same way as bZx was gamed in February.
Doxxing Threat Fails to Worry Hacker
Harvest Finance initially gave the impression that they were close to retrieving the funds, posting the wallet addresses the funds had gone to and going as far as to say yesterday that they knew who the attacker was but that they wouldn’t doxx them because “people should have their privacy”.
Just 24 hours later however the situation is a little less clear, with Harvest Finance resorting to pleading with the attacker to do the decent thing and return the funds, with some suggesting that they tried to call the attacker’s bluff and failed:
It’s absolutely made up. The guy that pulled this off would not doxx themselves, I can pretty much guarantee that. It’s a pro
— Larry Cermak (@lawmaster) October 26, 2020
The odds of this happening are dwindling with every hour that passes, hours that Harvest Finance say they are spending “evaluating possible mitigation strategies and implementing them alongside with any necessary UX changes in the upcoming releases.”