Hackers seized USDT and USDC stablecoins costing $24 million from Harvest Finance’s stablecoin and BTC pools.
Harvest Finance, which is a yield aggregator supplies liquidity to other DeFi funds to make a profit for its liquidity providers (LPs). The attackers supposedly took advantage of the mechanism in Curve’s Y pool for their actions. The protocol announced that measures are taken to discover the crime.
According to the report, cybercriminals used arbitrage method. They used a $50 million flash loan, which allowed increasing the value of the stablecoins on Curve protocol. Afterwards, the hackers exploited stablecoin and Bitcoin pools on Harvest Finance to get a larger amount of stablecoins in exchange for the tokens on Curve at a higher rate.
Trending: Smart Contracts Audits Startup Hexens Closed $4.2 M Seed Funding
In about seven minutes, the attackers drained $24 M from Harvests’ liquidity. Harvest’s governance token FARM fell 60% after the news of the hack. The total volume of trading on Curve’s USDT and USDC shot from $10 million to over $2.7 billion. Interestingly, the hacker sent $2.5 M back to the deployer.