Decentralized finance (DeFi) protocol Harbor was exploited today in an ongoing attacks, according to blockchain security firms DeDotFi and PeckShield.

Any ETH sent to the contract address is increased by 80% and returned back to its sender. So if you send it 10 ETH, you will get back 18 ETH instantly back to the address you sent it from. So far, the attack is still ongoing and ETH continues to be drained from the contract, displayed below in bold.

0x1c1AcCffe2786427c2f9aC5F243E40b35Dcb4d31

As shown below, someone tested it a few minutes ago and got back over 10.5 ETH.

(We recommend not sending because it will make recovery of the missing assets harder.)

$7.2M or around 4326 ETH has been drained out of a total of $80 million, so we expect it to continue for a while to come.

As far as we know, this is the first attack in which anyone can participate. It works on all exchanges and wallets. Users on Binance and Coinbase report getting back free ETH instantly after sending to the contract.

wow major defi attack ongoing!!

i just sent 2 eth to smart contract, got back 3.6 to Metamask!!

— ママ活 神奈川 (@Belen24360808) August 30, 2023

Harbor is one of the crypto lenders on the Optimism network. Initial reports mentioned over 7,160 ETH stolen, worth nearly $12 million, but were later revised to $7.2 million. The attackers targeted the DebtManager periphery contract.

DEFI glitch ongoing!! received 4 ETH in coinbase now!! lol

— Ryland Hale (@hale_rylan9911) August 30, 2023

“The attacker passed in a malicious market contract address, bypassing the permit check. Due to the irrovocable nature of smart contracts, the $80 million cannot be recovered, so eventually it will all be drained“

i hope they fix this!! $80 million gone. just got mine. ha ha let's gooo!!!

eth came now!!

wgmi!!

— hanae ciimia (@HanaeCimia) August 30, 2023

The attacks follow a number of security incidents across the DeFi ecosystem over the past few weeks. On July 30, a vulnerability in three versions of the Vyper programming language resulted in over $61 million being stolen from stablecoin pools on Curve Finance. Other protocols compromised in the past days include Earn.Finance, with at least $287,000 worth of ETH stolen, in addition to $2.1 million in losses incurred by Zunami Protocol in another exploit.

Magazine: DeFi Dad, Hall of Flame: Ethereum is ‘woefully undervalued’ but growing more powerful

The United States Securities and Exchange Commission (SEC) is likely to approve multiple applications for Ether futures exchange-traded funds (ETFs) at the same time, The Wall Street Journal reported, citing sources familiar with the matter. 

Since July, the regulator has been flooded with applications from several investment firms, including requests combining futures Bitcoin

and Ether

ETH

$1,719

strategies. So far, the SEC has not instructed the firms to withdraw their applications, unlike in 2021, when firms were instructed to withdraw similar applications. This suggests that the regulator won’t block the fund’s launch within a few weeks, according to WSJ sources.

At least 16 applications for Ether or Bitcoin-Ether futures ETFs are awaiting regulatory approval. Ether is the native coin of the Ethereum blockchain, used for peer-to-peer transactions within the decentralized network. A crypto futures ETF tracks the performance of crypto futures contracts. For example, instead of investing directly in Bitcoin or Ethereum, a crypto futures ETF invests in futures contracts that are tied to the price of these digital assets.

With the prospect of crypto futures approval looming, the SEC keeps receiving requests. Earlier this week, asset management firm Valkyrie filed for an Ether futures ETF and a previous application combining a Bitcoin-Ether futures strategy. Valkyrie is the first in line in this race and could see its BTC-ETH ETF debuting in early October.

In the ETF industry, first-mover advantage is important. According to the WSJ, citing data from Morningstar, the first futures Bitcoin ETF approved from ProShares has gathered $1 billion in assets under management since its inception in October 2021, while Valkyrie’s similar product, launched a few days later, amassed nearly $28 million in assets under management.

In another major decision affecting the crypto industry, the SEC has yet to decide whether to approve a spot Bitcoin ETF in the United States. Players waiting for approval include Wall Street giants Fidelity and BlackRock. According to the application’s timeline, the SEC has until January to deliver a final verdict.

Magazine: Deposit risk: What do crypto exchanges really do with your money?