DeFi yield farming protocol Harvest Finance has again increased its bounty to $1 million. The team aims to track down the hackers who carted off $24 million from its users over the weekend.
Previously, the firm offered a $100,000 bounty and later increased it to $400,000, all to no avail. It announced it had increased the bounty to $1 million on Thursday. Throwing so much money around seems a bit suspicious, however.
💵 Increasing the bounty for tracking down the attacker and returning the funds to $1M
Here's what we know about the attacker:
1) understands flashloans
2) understands arbitrage and trading
3) understands curve internal code
4) understands renBTC
5) understands opsec
1/2
— Harvest Finance (@harvest_finance) October 29, 2020
The farming protocol was hit through a flash loan attack used to deflate prices of stablecoins contributed to Harvest. The tokens were then snatched at low prices from liquidity pools. Harvest referred to the hack as an engineering error and asked that the hackers kindly return the stolen funds.
Harvest Finance became wiser after the hack. They considered restricting flash loans that enable users to deposit and withdraw funds simultaneously, usually for price arbitrage. After all, that is how they got hacked in the first place.
Getting back the stolen funds
Although the firm admits its fault, it has yet to map out a precise strategy to compensate users. It claims to be formulating a remediation plan for affected users. Harvest Finance made a (humble) request that the funds be returned to the deployer contract so that they can be distributed back to the users.
The firm resorted to threats at one point. The team said that they know who the hackers were but would not make them public. They proposed the $100,000 bounty then and increased it to $400,000 in the hope that someone can convince the hackers to return the funds.
In addition to the BTC addresses which hold the funds, there is now a significant amount of personally identifiable information on the attacker, who is well-known in the crypto community.
We are putting out a 100k bounty for the first person or team to reach out to the attacker
— Harvest Finance (@harvest_finance) October 26, 2020
Since these actions are yet to yield any result, they increased the bounty again. Continuing to do so will prove incredibly difficult, however. One also has to wonder where the $1 million is coming from exactly.
We have no direct hard proof.
Getting the direct hard proof leading to the return of funds is the point of the $1M bounty.
— Harvest Finance (@harvest_finance) October 29, 2020
Harvest Finance's measures to forestall future hacks
Harvest plans to make user balances whole again when they get the funds back. “Our main focus in Week 9 is to restore funds from the hacker and to mitigate any flash loan attacks that can affect users.”
They are also working on blocking any future attack after they recover looted funds. Eight major exchanges were consulted to blacklist Bitcoin addresses used by the hacker.
As the firm tries to come back from the hack, things aren’t going its way at all. Its FARM token, which was trading above $230 on Sunday, is currently hovering around $100. Its 7-day drop of 61 percent is the largest of any coin in CoinGecko’s top 300.