Details are thin on the ground at the moment as the situation is unfolding, but DeFi yield farming protocol Harvest Finance appears to have become the latest victim of an exploit by a malicious actor.

The team is currently updating via their twitter feed but it appears that an ‘economic attack’ was carried out on its Curve y pool. This ‘stretched the price of the stablecoins in Curve out of proportion’.

We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available — Harvest Finance (@harvest_finance) October 26, 2020

Large amounts of assets have been deposited and withdrawn from the protocol in what seems to be an arbitrage attack. DeFi Prime also confirmed this in a recent tweet as it monitors the situation.

🚨 Something shady is going on with Harvest Finance and huge arbs between Harvest and Curve 🚨 It’s a developing situation and needs to be monitored closely. — defiprime (@defiprime) October 26, 2020

To protect users, Harvest Finance has pulled the y pool and BTC Curve strategy funds to its vault adding that all stablecoin and BTC funds are secured. At the time of writing it was unclear as to whether any funds have been lost.

“To be specific: to protect users, 100% of Stablecoin and BTC curve strategy funds have been withdrawn from the strategy to the vault.”

Harvest Finance is another DeFi protocol that seeks the highest earning pools to farm, similar to Yearn Finance. Following the now tired and much-repeated pattern, it has its own FARM token that is distributed as a reward for liquidity providers.

ADVERTISEMENT

The team states that its smart contracts have been audited by Haechi Labs and PeckShield. It is unclear at this stage whether the attack is the result of a smart contract code flaw.

According to DeFi Pulse, Harvest Finance garnered over $1 billion in total value locked surging into the top five DeFi platforms, however, that had already begun to plummet as the news broke.

The situation is currently developing and the latest updates are being posted on the Harvest Finance twitter feed: https://twitter.com/harvest_finance