It’s happened again, folks. Bad actors have made their presence known in the cryptocurrency space and another exchange has been targeted in what appears to be a rather expensive hack. Harvest Finance, a web portal that allows consumers to trade and invest digital currencies and then garner interest on their holdings, has been targeted, and reports losing as much as $24 million in a recent attack.
Harvest Finance Is the Latest Hacking Victim
This is nothing new, and at this stage, it’s likely that many crypto traders and enthusiasts everywhere are numb to this kind of story, especially considering that while $24 million may sound big at first, it’s nothing compared to the other massive hacking incidents that have taken place in the past.
Arguably the two largest crypto hacks occurred in Japan on the exchanges Mt. Gox and Coincheck. The former occurred in February of 2014, while the latter happened roughly four years later in January of 2018. The first hack saw more than $400 million in BTC funds disappear overnight. While this may sound huge, it’s small beans compared to the half-a-million+ that was lost through Coincheck, a company that specifically saw its hot wallet accounts by malicious individuals.
From there, other trading platforms, such as Binance, have seen their holding dissipate at the hands of those looking to gain access to funds that aren’t theirs.
The hack on Harvest Finance occurred earlier in the week and was confirmed on Twitter by executives, who appear to take full responsibility for the event. The messages on Twitter explain that a hacker invested quite a bit of money on the platform and then exploited a loophole in Harvest Finance’s algorithms to manipulate funds for his or her own benefit. The hacker ultimately targeted stable currencies, making off with roughly $13 million worth of USD Coin (USDC) and $11 million in Tether.
In a bizarre twist, executives claim that shortly after performing the attack, the hacker returned close to $3 million in digital funds. At the time of writing, the reasoning behind this move remains unclear, though it could be to try and ease relations somewhat considering those in charge of the platform claim they know who the attacker is, citing them as “well-known in the crypto community.”
According to a tweet, the attack occurred simply because Harvest Finance’s technological prowess wasn’t up to speed, and executives say they are doing everything they can to ensure the money is returned. At press time, they have even reached out to the hacker saying that should all funds be returned, they will not face any consequences.
Trying to Put Things Right
The team writes:
We made an engineering mistake. We own up to it. We do not have any interesting in doxing the attacker… People should have their privacy. You’ve proven your point. If you can return the funds to the users, it would be greatly appreciated by the community, and let’s move on.