Trade volume on Uniswap reached a record of $2.12 billion, coinciding with the hack of Harvest Finance DeFi protocol that resulted in the theft of $24 million in digital assets.
The attackers discovered an exploit in the Harvest Finance protocol, used for profitable farming. Within just seven minutes they pulled $24 million in digital assets from the Harvest Finance protocol and moved them to Uniswap, the main trading platform of the DeFi market. Using Uniswap, hackers conducted multimillion-dollar arbitrage deals between Harvest and Curve and exchanged the stolen assets for renBTC (rBTC), and mixed them in the Tornado Cash mixer.
According to the anonymous devs team of Harvest Finance, the attack was carried out by manipulating the prices of stablecoins in the Curve Finance pool, with which Harvest Finance contracts interact. The hacker used the instant borrowing mechanism, performing several repetitive operations to deposit and withdraw USDT and USDC, which caused the price of stablecoins to change. In one cycle, attackers managed to receive approximately $500,000 in profit.
Amid reports of successful hacking, the price of the FARM token plummeted by 65%. A few hours later, the attacker returned $2.47 million, the Harvest Finance team reported. Acceptance of deposits in stablecoins and bitcoins in the Harvest Finance pools has been temporarily suspended. Harvest Finance announced a $100,000 bounty for robber information.
The attacker channeled the stolen funds through an automated market maker on Uniswap, Denis Vinokurov, head of research at London-based primary brokerage service Bequant, suggested. “Volume on Uniswap surged, as the Harvest Finance exploiter likely ran money through the automated market maker,” Denis Vinokourov told CoinDesk in a Telegram chat.