Beosin: Harvest Keeper project maliciously transferred $933,000 of user funds
According to ChainCatcher, the blockchain security auditing company Beosin tweeted that it had discovered the fixed-income protocol Harvest Keeper maliciously transferring user funds, involving an amount of approximately $933,000.
The Beosin security team found that the attacker used owner permissions to call the getAmount function and transfer out the USDT that users had collateralized in the HarvestKeeper contract. The attacker then used the token authorization that users had granted to the EOA (0x250…c14) to transfer user funds multiple times through this EOA. Users are advised to revoke authorization for this EOA. The stolen funds are currently dispersed across multiple addresses, with most of them held at 0x92288f964ae8fce23e8d337422ad66eefc333670.
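The revocation advice above, as an added example that is not code from Beosin or the project: it replays ERC-20 Approval logs to find allowances still granted to a given spender and builds the `approve(spender, 0)` calldata that revokes one. The page truncates the EOA address, so every address and log entry here is a constructed placeholder, and the log dictionaries assume an already-parsed form with integer block numbers.

```python
# Added example. All addresses and logs are constructed placeholders.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Replay Approval logs in chain order and return {(token, owner): amount}
    for approvals to `spender` whose last recorded value is non-zero.
    Many tokens emit no Approval on transferFrom, so confirm each hit with
    the token's allowance(owner, spender) view call before acting on it."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (e.g. Transfer, or ERC-721)
        if topic_to_address(topics[2]) != spender.lower():
            continue  # approval granted to some other spender
        state[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {key: amount for key, amount in state.items() if amount > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent by the owner to the token contract."""
    addr = spender.lower()[2:] if spender.lower().startswith("0x") else spender.lower()
    if len(addr) != 40:
        raise ValueError("spender must be a 20-byte hex address")
    int(addr, 16)  # raises ValueError on non-hex input
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64

def pad(addr):
    return "0x" + "00" * 12 + addr[2:]

# Constructed placeholders, not the addresses from the incident.
TOKEN, SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "ee" * 20, "0x" + "bb" * 20
OWNER1, OWNER2 = "0x" + "11" * 20, "0x" + "22" * 20
TRANSFER_TOPIC = "0x" + "dd" * 32  # stand-in for any non-Approval event

def mk(block, idx, topic0, owner, spender, value):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [topic0, pad(owner), pad(spender)], "data": hex(value)}

SAMPLE_LOGS = [
    mk(102, 3, APPROVAL_TOPIC, OWNER2, SPENDER, 0),            # OWNER2 revoked later
    mk(100, 0, APPROVAL_TOPIC, OWNER1, SPENDER, 2**256 - 1),   # unlimited, never revoked
    mk(101, 0, APPROVAL_TOPIC, OWNER2, SPENDER, 500),
    mk(103, 0, APPROVAL_TOPIC, OWNER1, OTHER, 10),             # different spender
    mk(104, 1, TRANSFER_TOPIC, OWNER1, SPENDER, 7),            # not an Approval
]
```

Only OWNER1's unlimited approval remains exposed in the sample; the revoke transaction must be signed by that owner and sent to the token contract, not to the spender.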