Harvest Finance, what used to be a $1 billion yield farming protocol on Ethereum, underwent a brutal attack last week that wiped approximately $30 million from user accounts.
The pseudonymous attacker leveraged a flash loan, along with a series of manipulative transactions between Curve, Uniswap, and Harvest, that allowed them to drain millions of dollars worth of stablecoin from Harvest's pools.
Reports indicate that the attacker could have kept on going and withdrawn close to $1 billion of stablecoin and tokenized Bitcoin deposits in the protocol but opted against doing so for an unexplained reason.
This attack highlighted how flash loans can be used to exploit economic vulnerabilities within DeFi protocols and pool to the tune of millions of dollars.
Whether it's unclear whether or not he was inspired by the Harvest Finance attack, a security researcher in the space found a similar economic flaw within Yearn.
Wen-Ding Li described a potential attack vector of a flash loan attack that could take place on Yearn.
"Having established contact, Wen-Ding discloses that he has an initial proof of concept of a flash loan attack that can be mounted on the TUSD vault, resulting in an 18% loss to users, with the attacker being able to walk away with 650k TUSD.".
The theoretical attack vector was similar to the Harvest one in that this Yearn.
Finance's Vaults for DAI and GUSD were vulnerable to the same vector of attack but the proper measures were in place to avoid this from transpiring.
This attack vector comes shortly after another was patched.
Yearn.finance rapidly fixes "attack vector" similar to one used on $1b protocol Harvest
Published on Nov 2, 2020
by Cryptoslate | Published on Coinage
Coinage
Recent News
View All
Blockchain Bites: Bitcoin's Run, Uniswap's Hemorrhaging Value, Anchorage's Banking Bid
Bitcoin is nearing all-time highs in price and market cap last set three years ago.
Japan's megabanks to lead experiment with digital yen
We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol's loss of $7 million.
Number of new Bitcoin addresses spikes amid growing FOMO
Japan's three largest banks, as part of a group of 30 private sector actors, are set to collaborate on an experiment with a digital yen.
Not just Wall Street: Quant trader explains why Bitcoin price is going up
Sam Trabucco, a quantitative trader at Alameda Research, believes four general factors are pushing up the price of Bitcoin.