In fact, $FARM was down by over 70%, at the time of writing. With over $500 million at risk, hackers/ruggers are reportedly moving funds into renBTC and attempting to sell it off.
In fact, according to a few community members, funds have also been sent to Tornado Cash to be laundered.
In fact, at the time of writing, a clearer picture wasn’t available, with many confused about whether this is a Harvest issue or a Curve issue. However, Harvest Finance did confirm that something was going on after it released a statement announcing an “economic attack,” adding that the team is actively working on mitigating the attack on stablecoins and BTC pools.
We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available— Harvest Finance (@harvest_finance) October 26, 2020
The economic attack in question was performed through the curve y pool, stretching the price of stablecoins in Curve out of proportion and depositing and withdrawing a huge amount of assets through Harvest. The protocol added,
“To protect users, we’ve pulled Y pool and BTC Curve strategy funds to the vault.”
At this stage, 100% of all stablecoin and BTC Curve strategy funds have been withdrawn from the strategy and deposited into a vault. Further, no other pools are said to have been affected by this attack.
Harvest also released a statement claiming that their next steps to protect users included a move to block deposits to the Stablecoin and BTC vault, while existing deposits will continue to earn $FARM.
According to Chris Blec, $2.5 million worth of stablecoins were transferred into Harvest Finance’s anon developer admin key address from the hackers’ exploit contract.
pic.twitter.com/Ua9hdwBuy0— Chris Blec (@ChrisBlec) October 26, 2020
Harvest Finance’s TVL amounted to over $940 million, at the time of writing. It should be noted, however, that no statement has been released so far about the lost funds (If they are indeed lost) and whether they will be recovered and if users will be compensated for the same.