Threat Watch

Hacker Steals $24 Million worth of Cryptocurrency from “Harvest Finance” Service

Originally reported by ZDNet, a hacker has stolen $13 million worth of USD Coin and $11 million worth of Tether in a single transaction from the popular cryptocurrency financing site “Harvest Finance.” In a series of public announcements, the admins behind Harvest Finance admitted to making a mistake and leaving a critical flaw in their code that could be exploited in this manner. 

Additionally, the admins announced that the hacker left a lot of personally identifiable information behind. However, they have no interest in “doxxing” the attacker and instead are pleading with the attacker that they return the stolen funds. Around $2 million was returned around 2 minutes after the hack took place, but no money has been returned since.

ANALYST NOTES

Due to the risks surrounding cryptocurrency, Binary Defense recommends against leaving funds in exchanges. There are too many instances of exchanges getting hacked where customers of the exchange become the victims as their own funds are stolen. Instead, Binary Defense recommends for the use of physical (cold) storage like “YubiKey” or “Trezor”, or the use of a digital wallet such as Electrum. Watch out for malware that targets cryptocurrency for theft, and carefully monitor workstations used for major transactions using Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR) such as Binary Defense’s services to ensure that attackers have not compromised the system.

https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/