Hackers seized USDT and USDC stablecoins costing $24 million from Harvest Finance’s stablecoin and BTC pools.
Harvest Finance, which is a yield aggregator supplies liquidity to other DeFi funds to make a profit for its liquidity providers (LPs). The attackers supposedly took advantage of the mechanism in Curve’s Y pool for their actions. The protocol announced that measures are taken to discover the crime.
According to the report, cybercriminals used arbitrage method. They used a $50 million flash loan, which allowed increasing the value of the stablecoins on Curve protocol. Afterwards, the hackers exploited stablecoin and Bitcoin pools on Harvest Finance to get a larger amount of stablecoins in exchange for the tokens on Curve at a higher rate.
Trending: Toncoin Up 13% in a Week Amid Telegram's Usernames Auction
In about seven minutes, the attackers drained $24 M from Harvests’ liquidity. Harvest’s governance token FARM fell 60% after the news of the hack. The total volume of trading on Curve’s USDT and USDC shot from $10 million to over $2.7 billion. Interestingly, the hacker sent $2.5 M back to the deployer.