Harvest Project Targeted in Malicious Transfer of User Funds

Harvest Project Targeted in Malicious Transfer of User Funds

It is reported that on March 19, 2023, Harvest was discovered according to monitoring by the blockchain security audit company Beosin_ Keeper project has maliciously transferred user funds, involving an amount of approximately 933000 US dollars. The Beosin security team discovered through on-chain data that an attacker used owner privileges to transfer the USDT pledged by the user in the HarvestKeeper contract by calling the getAmount function. Subsequently, the attacker utilized the user’s token authorization for the EOA (0x250… c14) account, thereby transferring user funds through the EOA multiple times. It is recommended that the user cancel the authorization for the EOA. Currently, the stolen funds are stored in multiple addresses, most of which are stored in 0x92288f964ae8fce23e8d337422ad66eefc333670.

Security company: Harvest_ Keeper project has maliciously transferred user funds, involving an amount of approximately 933000 US dollars

Analysis based on this information:


On March 19, 2023, the Harvest project became the target of a malicious transfer of user funds. According to monitoring by the blockchain security audit company Beosin, the malicious transfer involved an amount of approximately 933,000 US dollars. Beosin’s security team discovered the attack through on-chain data and determined that the attacker had used owner privileges to transfer the USDT pledged by the user in the HarvestKeeper contract.

The attacker then utilized the user’s token authorization for the EOA (0x250… c14) account to transfer the user funds multiple times. It is recommended that the user cancel the authorization for the EOA account to prevent any future unauthorized transfers. Currently, the stolen funds are stored in multiple addresses, with most of them believed to be stored in 0x92288f964ae8fce23e8d337422ad66eefc333670.

This attack highlights the importance of blockchain security and the need for constant monitoring and auditing. It also underscores the need for users to be vigilant in protecting their digital assets by regularly reviewing their accounts and authorizations.

The Harvest project is a decentralized finance (DeFi) platform that allows users to deposit and earn rewards through a variety of pools. DeFi platforms have been gaining popularity in recent years due to their promise of decentralized access and anonymity, but incidents like this raise concerns about security and highlight the risks involved.

In conclusion, the malicious transfer of user funds in the Harvest project is a stark reminder of the need for vigilance and oversight in the rapidly evolving world of blockchain technology. Projects like Beosin play an important role in ensuring the security and integrity of blockchain ecosystems, and users must remain cautious and informed to protect their digital assets.

This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/5941/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.