Decentralized finance (DeFi) protocol Harvest Finance has upped its bounty from $100,000 to $1 million for information leading to the return of $24 million in siphoned funds taken in an exploit Monday.
According to the Harvest Finance Twitter and Discord account, the anonymous Harvest Finance team is offering the bounty for “tracking down” the attacker and returning the funds.
A $50 million flash loan from Uniswap was used Monday on Harvest Finance to sway the price of USDC and USDT pools. Harvest Finance’s pricing feeds – based on Curve Finances stablecoin pools in this case – were manipulated by the flash loan leading to traders suffering large amounts of “impermanent loss” (where token prices change momentarily against investors).
The exploit led to the project’s total value under lock (TVL) dropping 70% from $1 billion to $296 million, according to DeFi Pulse.
The Harvest Finance team implied they knew the identity of the attacker who they said is “well-known in the crypto community” and who left “a significant amount of personally identifiable information,” according to the project’s Discord.
Harvest Finance did not return questions for comment.
The anonymous developer team is currently administering returning $2.5 million in stablecoins given back to the developer contract. The team is also weighing releasing an IOU reserve pool that extracts value from the protocol to reimburse haircut traders, according to announcements in the project’s Discord channel.