Beosin Security Discovers Harvest Project Fraudulent Transfer of Funds

03/20/2023 17:54 • Tech Ticker • 138 views

It is reported that on March 19, 2023, Harvest was discovered according to monitoring by the blockchain security audit company Beosin_ Keeper project has maliciously transferred user funds, involving an amount of approximately 933000 US dollars. The Beosin security team discovered through on-chain data that an attacker used owner privileges to transfer the USDT pledged by the user in the HarvestKeeper contract by calling the getAmount function. Subsequently, the attacker utilized the user’s token authorization for the EOA (0x250… c14) account, thereby transferring user funds through the EOA multiple times. It is recommended that the user cancel the authorization for the EOA. Currently, the stolen funds are stored in multiple addresses, most of which are stored in 0x92288f964ae8fce23e8d337422ad66eefc333670.

Security company: Harvest_ Keeper project has maliciously transferred user funds, involving an amount of approximately 933000 US dollars

Analysis based on this information:

According to recent reports, on March 19, 2023, a fraudulent transfer of funds involving approximately 933000 US dollars was discovered by blockchain security audit company Beosin_ Keeper project. Harvest, a decentralized finance protocol that allows users to earn rewards by staking assets, was found to have maliciously transferred user funds. Beosin’s security team discovered through on-chain data that the attacker exploited owner privileges to transfer USDT pledged by the user in the HarvestKeeper contract. By calling the getAmount function, the attacker was able to utilize the user’s token authorization for the EOA (0x250… c14) account, resulting in multiple transfers of user funds.

This news highlights the importance of frequent security audits by blockchain security companies such as Beosin. By carefully monitoring on-chain data, Beosin’s security team was able to detect this fraudulent transfer of funds by Harvest’s Keeper project before it could cause extensive damage. Users are advised to cancel the authorization for the EOA to minimize the risk of similar attacks to their accounts.

Currently, the stolen funds have been identified to be stored in multiple addresses, with a large portion stored in 0x92288f964ae8fce23e8d337422ad66eefc333670. As it is unknown who the attacker is, it’s uncertain as to whether the stolen funds can be recovered. However, it is recommended that users keep an eye on further updates and news regarding the stolen funds.

In conclusion, this message reaffirms the importance of safeguarding user funds against malicious attacks in the blockchain space. With the increasing popularity of DeFi protocols such as Harvest, it’s crucial for users to remain vigilant and perform frequent security checks to prevent potential loss of funds.

This article and pictures are from the Internet and do not represent SipPop's position. If you infringe, please contact us to delete:https://www.sippop.com/4950.htm

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.