
Hacker was identified after the theft of $24 million from Harvest Finance


A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance.

A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users find the farming opportunities that will maximize their yield (APY) returns.

The hack took place earlier today and was almost immediately confirmed by Harvest Finance administrators in messages posted on the company’s Twitter account and Discord channel.

“On October 26, 02:53:31 AM +UTC, an attacker executed a theft of funds from the USDC and USDT vaults of Harvest Finance,” reads the security breach notification published by the company. “The attacker exploited an arbitrage and impermanent loss that influences the value of individual assets inside the Y pool of Curve.fi, which is where the funds of Harvest’s vaults were invested.”

The attackers initially invested large quantities of cryptocurrency assets in the company's service and then used a cryptographic exploit to steal the platform’s funds and transfer them to wallets under their control.

The attacker successfully transferred 13,000,000 USD Coin (USDC) and 11,000,000 Tether (USDT) from the attacking contract to the address “0x3811765a53c3188c24d412daec3f60faad5f119b.”

Experts noticed that shortly after the attack, the hacker returned roughly $2.5 million to Harvest Finance, but the reason is unknown to them.

The company immediately launched an investigation into the cyber heist and claims to have linked the fraudulent activities to an individual “well-known in the crypto community.”

The company claims to have collected “a significant amount of personally identifiable information on the attacker” and initially offered a $400,000 bounty to anyone who helps recover the stolen funds. The bounty will be lowered to $100,000 36 hours after the announcement.

The company hopes that the attacker will return the stolen funds.

Harvest Finance explained that the attack was the result of an error it made, and said that if the attacker returns the stolen funds it will not take legal action against the hacker.

“We made an engineering mistake, we own up to it,” explained the company.

“You’ve proven your point. If you can return the funds to the users, it would be greatly appreciated by the community, and let’s move on.”


Pierluigi Paganini

(SecurityAffairs – hacking, Harvest Finance)
