Hacked DeFi Harvest Finance begs, increases bounty to get stolen funds back

BlocDesk Harvest FInance BlocDesk Hacker Drains $24M From Harvest Finance, Returns $2.5M

DeFi yield farming protocol, Harvest Finance, has again increased its bounty to $1 million. This team aims to track down hackers who carted $24 million from its users over the weekend.

Previously, the firm offered a $100,000 bounty and later increased it to $400,000, all to no avail. It announced it had increased the bounty to $1 million on Thursday. Throwing so much money around seems a bit suspicious, however.

The farming protocol was hit through a flash loan attack used to deflate prices of stablecoins contributed to Harvest. The tokens were then snatched at low prices from liquidity pools. Harvest referred to the hack as an engineering error and asked that the hackers kindly return the stolen funds.


Harvest Finance became wiser after the hack. They considered restricting flash loans that enable users to deposit and withdraw funds simultaneously, usually for price arbitrage. After all, that is how they got hacked in the first place.

Getting back the stolen fund

Although the firm admits its fault, they are yet to map out a precise strategy to compensate users. They claim that they are formulating a remediation plan for affected users. Harvest Finance made a (humble) request that the funds are returned to the deployer contract so that it can be distributed back to the users.

The firm resorted to threats at one point. The team said that they know who the hackers were but would not make them public. They proposed the $100,000 bounty then and increased it to $400,000 in the hope that someone can convince the hackers to return the funds.

Since these actions are yet to yield any result, they increased the bounty again. Continuing to do so will prove incredibly difficult, however. One also has to wonder where the $1 million is coming from exactly.

Harvest Finance measures to forestall future hack

Harvest plans to make user balances whole again when they get the funds back. “Our main focus in Week 9 is to restore funds from the hacker and to mitigate any flash loan attacks that can affect users.”

They are also working on blocking any future attack after they recover looted funds. Eight major exchanges were consulted to blacklist Bitcoin addresses used by the hacker.

As the firm tries to come back from the hack, things aren’t going its way at all. Its FARM token, which was trading above $230 on Sunday, is currently hovering around $100. Its 7-day drop of 61 percent is the largest of any coin in CoinGecko’s top 300.