CRYPTO MOVERS AND PRICES
Crypto is lower this morning following a broad pullback in risk assets. While off highs, BTC has managed to, for the most part, remain above USD 13,000.
Crypto Story of the Day
This week, Harvest, a yielding DeFi protocol, was exploited by a hacker that led to a loss of just under the equivalent of $25 Million and effectively collapsed the venue. The team behind Harves blamed an "engineering error." We believe this is a blueprint for future similar scenarios for these untested technologies that have attracted outsized assets within months.
Harvest is a decentralized lending pool in the vein of Compound Finance, which pays users in its FARM token and others. It is about 50 such platforms that have attracted over USD 10M equivalent assets to its pools. Before they announced the attack, Harvest had over USD 550M equivalent 'locked' in its protocol. In a Medium post, the team details what they refer to as an 'engineering error.'
On a closer read, the engineering error seems to be more of a math/process error. An attacker was essentially able to warp lending pools with large deposits that would allow them to remove more than they had uploaded to the platform amid a slew of coincident transactions. The write-up describes the hacker depositing as much as USD 50M in a pool at once as a part of the attack.
We have been vocal dissenters against the exponential growth in 'locked assets' on platforms like Harvest. While we have pointed to regulatory issues and the threat of an unwind as risks to participation, 'engineering errors' are equally problematic for these new protocols. Double spend issues or general vulnerability attacks are a defining characteristic of blockchain technology. Bitcoin's ability to manage and eliminate such problems is one of the fundamental contributors to its over decade-long existence and security.
Platforms like Harvest and others are not necessarily innovating new technologies to run their lending pools. Still, they are operating under the definitely new assumption that you can maintain such a complicated system with protocols and processes established on Day 0 with minimal future human intervention. That leap makes the risk of other attacks, similar to what was seen with Harvest, elevated.