The fiasco with Harvest Finance continues with full force. The team has put a $100,000 bounty for the first person or team to reach out with information about the hacker.
It’s also important to note that the attacker has decided to return $2.5 million to the deployer contract of Havers Finance. However, given that the total amount of stolen funds is close to $24 million, the returned sum represents a tight 10% of it all.
As CryptoPotato reported earlier this morning, the popular DeFi-based protocol Harvest Finance was attacked.
Later on, the team put out a $100,000 bounty “for the first person or team to reach out to the attacker and help the attacker return the funds to the deployer address.”
In what seemed like a desperate call to action, Harvest Finance called out the hacker, saying:
… you’ve proven your point if you can return the funds to the users, it would be greatly appreciated by the community, including many bystanders watching DeFi from afar.
The team also said that they are “not interested in doxxing the attacker,” urging him to return the funds to the users.
As indicated by DeFi proponent devops199fan on Twitter earlier on, a total of $24 million were stolen from Harvest Finance, and the hacker returned about $2.5 million back. The team said that the money would be distributed to the affected users pro-rata using a snapshot.
This is definitely not the first time a DeFi protocol has been compromised. Earlier in September, leverage-based lending and trading platform bZx, became the target of yet another hack. Attackers made away with $8 million worth of different cryptocurrencies, and this was the second time this particular platform was exploited.
What this goes to show is that decentralization comes with a cost. It’s oftentimes brought up that cryptocurrencies are an alternative to centralized financial authorities like banks because they separate state from money. That’s true – they really do, in some cases.
However, it’s also true that the risks are much greater, especially with novel concepts like most of what’s going on currently in DeFi.
Remember to always do your own research and never put money in untested protocols, and always risk money that you can afford to lose.
CryptoPotato reached out to the CEO of cybersecurity company Hacken for comments on what measures should be taken to potentially prevent events of the kind happening in the future in respect to Harvest Finance.
Speaking on the matter, Dyma Budorin, said that the following can be done:
1. Deposit function should not be accessible to 3rd party smart contracts, or at least certain value limits should be in place.
2. Arbitrage check function should have way less tolerance value. The current 3% rate is far too big.