A possible exploit in decentralized finance (DeFi) protocol Harvest Finance has sent the platformâs native token, FARM, tumbling by 65% in less than an hour, according to CoinGecko.
According to reports surfacing early Monday, upwards of $25 million in value has been drained from Harvest Finance pools and swapped for renBTC (rBTC) by an unknown attacker. Other funds have been mixed through Tornado Cash, an Ethereum obfuscation software. Following the attack, investors appear to have pulled roughly $350 million from the site.
âWe are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime (sic) as soon as additional details are available,â the anonymous team behind Harvest Finance said in a tweet.
The team further said the âeconomic attackâ was made possible by manipulating stablecoin prices on Curve Finance, another DeFi protocol that Harvest Finance contracts interact with.Â
Read More: Uniswap, Curve Daily Trading Volumes Surges Past $2B, Likely Driven by Harvest Attack
The projectâs admins claim to have withdrawn â100% of stablecoin and BTC curve strategy fundsâ to the vault and âare moving to block deposits to the Stablecoin and BTC vault,â the Harvest Team said in the projectâs Discord at 4:45 UTC.
Harvest Finance did not return questions by press time.
The attack comes after DeFi analyst Chris Blec claimed Harvest Financeâs administrators held an âadmin key that can drain fundsâ locked in the protocolâs contracts. Itâs unclear at this stage in the exploit what role the admin key or the anonymous team behind the protocol have to do with the sudden drain in assets. Blec did not return a request for comment by press time.
Harvest Finance had over $1 billion in total value locked (TVL) just prior to the possible exploit being unveiled. TVL has dropped to $673 million as of 5:00 UTC, according to DeFi Pulse.Â
This is a developing story and will be updated when more is known.