The anatomy of a $25m DeFi hack on Ethereum

The decentralized finance space has once again come under the spotlight after another hack or exploit took place.

The yield-earning platform had garnered much attention over recent weeks after a number of notable DeFi investors began to mention and use the platform.

Late on the evening of Oct. 25, Ethereum users began to notice large transactions taking place on-chain that involved a number of crucial DeFi applications: Uniswap, Curve, and Harvest Finance.

Analysts quickly highlighted that the attacker was likely completing some sort of arbitrage attack, where they utilized flash loans to systematically drain funds from Harvest due to inefficiencies between protocols.

In all, $25 million worth of stablecoins were stolen from the Harvest Finance pools through multiple of these transactions.

There were some rooting for Harvest because they were the first fully anonymous DeFi team to have built a DeFi application at that scale.

This is far from the first flash loan-based attack on a DeFi application.

Finance founder Andre Cronje released test contracts for an on-chain gaming experience called Eminence Finance.

Other DeFi attacks have also leveraged flash loans to rapidly arbitrage out inefficiencies between DeFi protocols, enabling funds to be stolen or at least transferred from those without knowledge of the arbitrage to those with knowledge of it.

It could be argued that these are not "Exploits" per se but just natural inefficiencies in the DeFi market.