Early Monday, the decentralized finance (DeFi) protocol Harvest Finance was exploited by an unknown attacker, who drained about $25 million in value and swapped for renBTC (rBTC).
This incident has risen again and even heated the debate on whether this kind of flash loan-based arbitrage attacks are really "hacks". Technically, the attacker didn't play upon any vulnerabilities of the system but made a great profit by market manipulation: repeating speedily exploitation cycles of temporarily boosting the USDC price and then redeeming their shares quickly.
As a European leader in crypto risk AML solution, Scorechain follows the incident from the very beginning. No matter in which way the attacker made the profit, considering that the consequence is serious for the victim and also for the ecosystem's stability, we immediately flagged the attacker's addresses on our Blockchain Analytics Platforms.
Now 5 days later, here are a quick review of what we know so far:
- On 26th Oct 2020, early Monday, the attacker moved funds from the Harvest Finance pool to his/her own wallet.
- Less than 2 hours later, our crypto risk AML alert system notified us that a part of funds (about 295BTC) were moved for the first time to another address. A part of hacked funds have been moved to exchanges such as Binance, Coins.ph - Coins.co.th.
- On 27th Oct 2020, our crypto risk AML software identified several famous exchanges were identified as the destination of the hacked funds, including Kraken, Huobi, Bitmex with transactions below:
- 84a1c7b16838d695a1ffca1a03762a57a8251ee752302ba831017fac556cc86a (to Kraken)
- a4cb40e5e6d58e8c5a463fc9df49fd506820686bea63b71cfd0ac6490182ba22 (to Huobi)
- 96382a27373936eda6414b66dd2de4d950ccc4771e19fd2494c525ce0d4b1c86 (to BitMEX)
- On 28th Oct 2020, the attacker continued to move the funds. 5 transactions happened, with a total amount of more than 1000BTC! So far, the funds haven't reached any exchanges yet.
We will keep a close eye on the movement and keep you posted!
---------
Update on 1st Nov 2020:
Almost 200BTC was moved on Nov 1st, the transaction hash: 13c229e1e9d9da85656869bb6fab9c7daec6e0e386e20b863378f347f3fce681
Scorechain KYT report shows that 15% of this funds (30BTC) went to a Mixing service called "Wasabi wallet". 169BTC stays as Unspent output for the moment.
