Another major DeFi attack

[poodle63]

If it's insider job then people should already realize that anonymous dev means red flag and if it's not an insider job then we should be concerned about the security of defi projects and why it can be exploited like that. Feels like these project are some half baked project made by some small anonymous team. but "admin key" in a project that's supposed to be "decentralized" sounds really fishy. I'd stay away.

[gunungkembar]

If it's insider job then people should already realize that anonymous dev means red flag and if it's not an insider job then we should be concerned about the security of defi projects and why it can be exploited like that. Feels like these project are some half baked project made by some small anonymous team. but "admin key" in a project that's supposed to be "decentralized" sounds really fishy. I'd stay away.

when they say that the project team is anonymous it will make it easy for them to scam because the reason is that no one knows the identity of the DeFi project maker which ends up threatening many people with a time bomb that could explode and make a lot of people lose.

[shoreno]

If it's insider job then people should already realize that anonymous dev means red flag

some people won't care of that but they care more on the profit . this is crypto and defi is decentralized so having an anonymous Dev can also be legal ?

and if it's not an insider job then we should be concerned about the security of defi projects and why it can be exploited like that. Feels like these project are some half baked project made by some small anonymous team. but "admin key" in a project that's supposed to be "decentralized" sounds really fishy. I'd stay away.

all on this space can be exploited like that even without that admin key thing but this case is more serious because they have that admin key thing , right at the start of thier run they already announce that they have this admin key thing ? Because if yes then there will be less people that are going to participate with it because of its risk

[EmmaGod]

It feels like the defi craze is gradually coming to an end with the several attacks we're experiencing in the space. It's best for liquidity providers and investors to consider other sources of income from the space. I was certain that the defi bubble would come to halt one way or the other and it seems to be on the verge to accomplishing that.

[Chuky92]

Will it be right to say that most developers are now using the anonymous nature associated with DeFi projects to carryout a lot of unworthy acts. "anonymous Devs having an admin key", although I don't know much about this project but what if it's true? $25 million is a huge amount and this will only cause more users to dump their token sooner than later because the trust has been lost. Also, this will make other Defi projects with anonymous team to be questioned.
DeFi is now lossing reputation as day goes by, on one hand the hype is dropping fast and on other hand, people are now battling with scams, exploits and so on; maybe this is ICO era repeating itself again and therefore everyone needs to be careful of the promises most of these projects are making.

[Princejebs]

There is absolutely something Fishy with this hacked brouhaha. The hacker return 2 million back, this is definitely an insider Job just like Kucoin. They should involve the authorities, if they make thorough investigation, they would have a lead.

DeFi is just too risky, I like the techno-finance trend but decentralization comes with risk as well. I feel safe to buy an existing top market tokens with fibonacci correction than invest on new projects.

[NewRanger]

again and again, investors become victims of the Defi project, it really gives room to scammers, it is increasingly unclear where the Defi product is, whether all Defi projects will be destroyed because the more days the Defi project is increasingly unclear, many new Defi projects have sprung up and all make a lending platform and eventually the price also falls.

as long as they dont care about developers background victim will always occur in cryptocurrency market, investors give too many chance for scammer to life in this market. they only care about trend in market but forget about risk that may involve on it. in my opinion defi was not interested anymore, investos looking at NFT project now  and some old coins in market that have low price.

[Ucy]

The problem is not the Anonymity. Anonymity is part of the feature of true Cryptocurrency. Without it, a decentralized network could be vulnerable to multiple  attack types.
A good developer can go through kyc verification while still remaining anonymous if his/her real verified identities can be immutably/permanently linked to his/her decentralized account. The developer can then create anonymous account/accounts from the verified identities, which can be unmasked or de-anonymized by the network if he/she commits a serious crime, like hacking, stealing of funds etc

Part of the problems with Defi is that it's an ecosystem that tolerate taking big financial and security risks on new platforms that haven't been thoroughly or well tested.  I read somewhere that the platform was even audited. An auditor/auditors probably gave the platform a pass mark. So, what then went wrong? Most likely was audited by unqualified, compromised , or few auditors... it wasn't unedited well enough etc

[Febo]

Another major DeFi attack

I read a good suggestion on the Monero subeditor. Be smart people and cut out the middle man. Better buy Monero instead of giving wealth to these scammers fro them to buy Monero. Just do it yourself and cut out the middle man.

[Myleschetty]

First it was Yam Defi token and now it Harvest finance. This is awake up call for all Defi project investors to always the danger in a Defi project before invest in it because a project which it Dev was an anonymous individuals and also have an admin key that could empty the project protocol contract is definitely a failed project from the beginning.

[btcltcdigger]

Blaming it on the hackers is the easiest coverup in crypto space.
Many exchanges have done so, so if DeFi projects are doing it, i wouldn't be surprised.

But alas, that's the risk of current yield farming craze, there's barely, if any contract audit that would guarantee safety of the investors.

Next time you want to yield farm, check the contract, read it, try to understand it. They're not big, and anyone with some technical language can understand what they do.
If anything is suspicious, stay away from it

[dimonstration]

If it's insider job then people should already realize that anonymous dev means red flag and if it's not an insider job then we should be concerned about the security of defi projects and why it can be exploited like that. Feels like these project are some half baked project made by some small anonymous team. but "admin key" in a project that's supposed to be "decentralized" sounds really fishy. I'd stay away.

when they say that the project team is anonymous it will make it easy for them to scam because the reason is that no one knows the identity of the DeFi project maker which ends up threatening many people with a time bomb that could explode and make a lot of people lose.

That's why never invest in anything we don't know whose the operator, developer or behind that project. When it comes in DeFi project I usually watch live stream explanations of them about their project in their YouTube accounts or website. to see their personality and how well they know their project when there's a Question and answer part. If they believe in their project, they will reveal their identies

[jacafbiz]

The main issue here is that the team is anonymous, I don't understand why people are convinced that they can give the control of their money to someone they don't know. The second issue here is that all these Audit forms need to take responsibility for some of these hacks, if you are paid to look for vulnerabilities and weeks after the protocol is exploited, is it not possible that you see the exploit and leave it for some weeks and later exploit it yourself. Anyone using DEFI should understand they risk and he/she stands the chance of losing all their money

[Yaunfitda]

Another major DeFi attack

I read a good suggestion on the Monero subeditor. Be smart people and cut out the middle man. Better buy Monero instead of giving wealth to these scammers fro them to buy Monero. Just do it yourself and cut out the middle man.

But Monero has it's fair share of de-listing? the latest is the Bitvavo, a European exchange, removed Monero due to AML5 regulations. What's funny though is that the hackers has supposedly return $2.5 million, it's just like when you get mugged on the streets and then these criminals left you some money so that you can go home.  . Interesting to note though that the supposedly hackers have left a footprint that it is identifiable, and as per Harvest Finance  "well-known in the crypto community."

[DarkDays]

It has now been confirmed by Harvest representative that the attacker “manipulated prices on one money lego (curve y pool) to drain another money lego [farm USDT (fUSDT), farm USDC (fUSDC)], many times. The attacker then converted the funds to renBTC and exited to bitcoin.” Source here.

The key features are:
- Harvest Finance was hacked on Monday for $24 million
- protocol’s liquidity pools were the targets
- attack consisted of an arbitrage attack using a large flash loan – a type of uncollatarized loan –
- hack complete in 7 minutes

All of the above factors go to show that this was a very quick attack and unsurprisingly a well strategised one. It also emphasises the thing we all hear about 'security', and how important that can be even at time when you think you're all set. Sad to hear that this has happened.

[Clement Kaliyar]

An exploit in DeFi protocol Harvest Finance has caused over $25 million in funds to be stolen. Most of these funds have been traded for renBTC and mixed through Tornado Cash.
The protocols native token FARM has fallen 65% in value.
It's possible that this could be an exit scam since Harvest Finance's anonymous devs supposedly have an admin key that can drain the protocol's contract.

The scams are popping up in the hype market of DeFi every week and scammers are taking advantage of the hype and the lesson here is that do not invest in anything that have anonymous developers, if people did not learn that basic from the ICO shit days then they have to be blamed.

Heading should be, another shitty scam in DeFi .

[tabas]

Looks like attackers's BTC addresses have been identified:

Code:

1Paykw4s2WX4SaVjDrQkwSiJr16AiANhiM
1Paykw4s2WX4SaVjDrQkwSiJr16AiANhiM
1HLG86DDEzAxAGmEzxr1SUfPCWcnWA6bMm
14stnrgMFNR4LesqQRUdo5n1VUx9xdAMeg
18w2Bm2cCsbLjWQU9BcnjzK8ErmzozrVa3
1FS2t2eAjmjaNmADN6SMHYo7G4XGpX1osS
1NdAJ89k1qpRMpZLwuYGQ7VnM45xD2NJXa
1CLHhshrusvT4XADWA29R2H4ndsSUamEWn
1FS2t2eAjmjaNmADN6SMHYo7G4XGpX1osS
1CLHhshrusvT4XADWA29R2H4ndsSUamEWn

Woah!
Those are huge transfers, the first one with 295 BTC transferred and the next one holds 199 BTC. I guess it's just a matter of time then these will be on dumped.

[Onika84]

What happened? I don't understand the reason for a project not to show team information clearly. As we know, Defi was born because of transparency and freedom. But the project is not honest, you don't have to know who our team is, because we will steal your money. crazy defi

[LogitechMouse]

Things like this are likely to happen as it also happened when ICO is booming 2-3 years ago.
It is possible that this is just another exit scam and they just say that it has been exploited but in reality the devs just sold it out of nowhere.

Like I'm always saying, if you see value to your money then at least don't invest into these new projects for now since things like this are likely to happen. Exploits, hacks, exit scams etc. but if you really want to invest then good luck .