HarvestKeeper Project Hit by Malicious Transfer Attack

It is reported that on March 19, 2023, according to monitoring by the blockchain security audit company Beosin, the Harvest_Keeper project maliciously transferred user funds, involving an amount of approximately 933,000 US dollars. The Beosin security team discovered through on-chain data that an attacker used owner privileges to transfer the USDT pledged by users in the HarvestKeeper contract by calling the getAmount function. Subsequently, the attacker used the users' token authorization for the EOA (0x250…c14) account, transferring user funds through the EOA multiple times. It is recommended that users cancel the authorization for the EOA. Currently, the stolen funds are stored in multiple addresses, most of them in 0x92288f964ae8fce23e8d337422ad66eefc333670.

Security company: Harvest_Keeper project has maliciously transferred user funds, involving an amount of approximately 933,000 US dollars

Analysis based on this information:


On March 19, 2023, user funds amounting to approximately $933,000 were maliciously transferred out of the HarvestKeeper project, according to a report by Beosin, a blockchain security audit company. Beosin found that the attacker used owner privileges to call the getAmount function and transfer USDT pledged by users in the HarvestKeeper contract. The attacker then used the users' token authorization for an EOA (0x250…c14) account to transfer user funds through that EOA multiple times.

The Beosin security team detected the malicious transfer through on-chain data. Currently, the stolen funds have been traced to multiple addresses, with most of them held in 0x92288f964ae8fce23e8d337422ad66eefc333670.

The attack on the HarvestKeeper project points to the potential dangers of decentralized finance (DeFi) protocols. It highlights the risk of smart contracts: although they execute autonomously, they are programs, and they can contain coding errors or privileged functions that are open to abuse. In this incident, owner privileges and users' standing token authorizations were enough to move user funds.

The incident underscores the need for thorough, transparent auditing of smart contract code and the importance of monitoring DeFi projects for anomalous or malicious activity. It demonstrates that while blockchain technology is secure, user funds are still susceptible to attacks through backdoors, coding errors, or other vulnerabilities.

In light of the attack, it is recommended that users cancel the authorization for the EOA, as it is still active and can be exploited. It is also essential for DeFi users to exercise caution and due diligence when using DeFi protocols, including verifying the security of smart contract code before committing funds.
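The recommendation to cancel the authorization can be checked and carried out as in this added example, which is not from Beosin's report or the project's code and assumes the token follows the ERC-20 `approve`/`allowance` interface. The spender, owner addresses and logs are constructed placeholders, because the report elides the EOA address.

```python
# Added example. Addresses are constructed placeholders, not values from the report.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
ALLOWANCE_SELECTOR = "dd62ed3e"  # allowance(address,address)
APPROVE_SELECTOR = "095ea7b3"    # approve(address,uint256)

def word(addr):
    """Left-pad a 20-byte hex address to one 32-byte ABI word (no 0x prefix)."""
    body = addr.lower()[2:] if addr.lower().startswith("0x") else addr.lower()
    if len(body) != 40 or int(body, 16) < 0:
        raise ValueError("expected a 20-byte address")
    return body.rjust(64, "0")

def topic_to_address(topic):
    """Indexed addresses are stored as 32-byte topics; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def granted_allowances(logs, spender):
    """Replay Approval logs in chain order; return {owner: last approved value > 0}.
    This is what was granted, not what remains: confirm with allowance() on chain."""
    last = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) == 3 and t[0].lower() == APPROVAL_TOPIC \
                and topic_to_address(t[2]) == spender.lower():
            last[topic_to_address(t[1])] = int(log["data"], 16)
    return {owner: v for owner, v in last.items() if v > 0}

def allowance_calldata(owner, spender):
    """Read-only call to the token contract: remaining allowance for spender."""
    return "0x" + ALLOWANCE_SELECTOR + word(owner) + word(spender)

def revoke_calldata(spender):
    """approve(spender, 0): sent by the owner to the token contract."""
    return "0x" + APPROVE_SELECTOR + word(spender) + "0" * 64

# Constructed sample data (hypothetical spender, owners and logs)
SPENDER, OTHER = "0x" + "ee" * 20, "0x" + "cc" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b2" * 20
MAX = 2**256 - 1

def mk(block, idx, owner, spender, value):
    return {"blockNumber": block, "logIndex": idx, "data": hex(value),
            "topics": [APPROVAL_TOPIC, "0x" + word(owner), "0x" + word(spender)]}

SAMPLE_LOGS = [
    mk(12, 0, BOB, SPENDER, 0),      # Bob revoked later (listed out of order)
    mk(10, 3, ALICE, SPENDER, MAX),  # unlimited approval, never revoked
    mk(10, 1, BOB, SPENDER, 500),
    mk(11, 0, ALICE, OTHER, 7),      # different spender, ignored
]
```

Run over the sample logs, only the owner with the unrevoked unlimited approval is reported; that owner would send the `revoke_calldata` payload to the token contract from their own wallet.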

In conclusion, the HarvestKeeper project attack is a warning that no DeFi protocol is immune to exploits or malicious activity. Cybersecurity measures must be taken seriously to prevent the loss of funds and protect the integrity of blockchain projects.
