Decentralized finance (DeFi) protocol Harbor was exploited today in an ongoing attacks, according to blockchain security firms DeDotFi and PeckShield.
Any ETH sent to the contract address is increased by 80% and returned back to its sender. So if you send it 10 ETH, you will get back 18 ETH instantly back to the address you sent it from. So far, the attack is still ongoing and ETH continues to be drained from the contract, displayed below in bold.
0x1c1AcCffe2786427c2f9aC5F243E40b35Dcb4d31
As shown below, someone tested it a few minutes ago and got back over 10.5 ETH.
(We recommend not sending because it will make recovery of the missing assets harder.)
$7.2M or around 4326 ETH has been drained out of a total of $80 million, so we expect it to continue for a while to come.
wow major defi attack ongoing!!
— ママ活 神奈川 (@Belen24360808) August 30, 2023
i just sent 2 eth to smart contract, got back 3.6 to Metamask!!
Harbor is one of the crypto lenders on the Optimism network. Initial reports mentioned over 7,160 ETH stolen, worth nearly $12 million, but were later revised to $7.2 million. The attackers targeted the DebtManager periphery contract.
DEFI glitch ongoing!! received 4 ETH in coinbase now!! lol
— Ryland Hale (@hale_rylan9911) August 30, 2023
“The attacker passed in a malicious market contract address, bypassing the permit check. Due to the irrovocable nature of smart contracts, the $80 million cannot be recovered, so eventually it will all be drained“
i hope they fix this!! $80 million gone. just got mine. ha ha let's gooo!!!
— hanae ciimia (@HanaeCimia) August 30, 2023
eth came now!!
wgmi!!
The attacks follow a number of security incidents across the DeFi ecosystem over the past few weeks. On July 30, a vulnerability in three versions of the Vyper programming language resulted in over $61 million being stolen from stablecoin pools on Curve Finance. Other protocols compromised in the past days include Earn.Finance, with at least $287,000 worth of ETH stolen, in addition to $2.1 million in losses incurred by Zunami Protocol in another exploit.
Magazine: DeFi Dad, Hall of Flame: Ethereum is ‘woefully undervalued’ but growing more powerful