Bitcoin Holds Above $13K; Harvest Finance Hit Hard in $24 Million Flash Loan 'Attack'
Bitcoin rode high on Monday, trading at a daily range of $12,785 — $13,250 before settling to $13,066 as of press time.
Bitcoin’s price is steadily making gains this year, surging past $13,000 for the first time since January 2018.
While the crypto markets ebb and flow this year is perfectly reasonable, the current Bitcoin price should hold steady (till the end of the year at least), according to John Willock, CEO of crypto liquidity firm Tritium Digital Assets.
“This short-term dip down to current levels was a reasonable pullback,” he said. “A steady move upwards in BTC is fully in line with my expectations for the medium-term and through the end of the year.”
“I think that it is possible to keep around $13,000 for the short term,” Willock added. “There will likely be some traders looking to close out longs from the recent run-up that might cause a minor retrenchment,” he concluded.
However, Constantin Kogan, a partner at 'the first crypto fund of hedge funds' BitBull Capital took a different stance. According to him, Bitcoin had positive momentum going for it before its price dropped suddenly, and the trend will only continue further. “We must take into account that a correction is already brewing,” he said. “I think it will happen this week.”
Harvest Finance Takes Huge Blow in Latest Flash Loan Exploit; FARM Drops by Over 65%
While Bitcoin has made headlines for its latest breakthrough, much of the spotlight in the crypto markets is on popular DeFi protocol Harvest Finance. Since its early September launch, the yield farming platform saw its darkest day yet Monday when an exploit allowed a malicious user to move about $24 million in stablecoins from its pools.
According to reports in the community, the attacker used a flash loan to manipulate the prices of DeFi tokens for profit. A flash loan allows a trader to profit from a well-executed trade on a decentralized exchange by leveraging uncollateralized capital.
Although flash loans are an innovative lending method, a person performing a flash loan 'attack' can use their borrowed assets to drop the price across markets in order to manipulate DeFi protocols which rely on price oracles to sell at the desired spot price. The process is usually executed in a single transaction and completed in minutes to prevent the loss of funds.
Commenting on the exploit in a series of tweets, Harvest Finance's antonymous team said “We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime (sic) as soon as additional details are available.”
"The economic attack was performed through the curve y pool, stretching the price of the stablecoins in Curve out of proportion and depositing and withdrawing a large amount of assets through harvest…", the team further said.
According to Etherscan, the attack itself was performed through a series of arbitrage trades between Uniswap, Curve Finance and Harvest Finance. Like other flash loan attacks, the attacker began with a $50 million USDC flash loan from Uniswap, and manipulated stablecoin prices on Curve's y pool by swapping fUSDT and fUSDC multiple times.
Each successful swap was converted to ETH and then tokenized BTC (i.e., WBTC and renBTC, in that order), according to Zerion. The attacker finally exited to BTC, but not before cleaning the funds through Ethereum mixing service Tornado Cash.
In a later tweet, the team reported the attacker sent about $2.5 million back to the Harvest Finance contract in stablecoins USDT and USDC, which would be disbursed pro-rata to affected users using a snapshot.
The latest exploit drove the platform’s native token, FARM, down 65% in less than an hour. The total value locked (TVL) in the protocol has also dropped from over $1 billion before the exploit to $406.9 million as of press time.
Interestingly, Harvest Finance's latest attack joins a group of similar attacks on DeFi protocols in 2020. Lending platform bZx was the first to be hit by a flash loan exploit earlier in February.