What Did We Learn About Anonymity From the Harvest Finance $24 Million Hack?

October 26th brought us the latest news bomb in the cryptocurrency market as one of the most prominent DeFi platforms, Harvest Finance was hacked for $24 million in USDT and USDC stablecoins. While that amount might not be as huge as what was taken during the Mt. Gox attack, it definitely unveiled some serious issues in the DeFi and cryptocurrency space in general.

The attacker used the flash loan tactics to obtain the funds from the platform’s stablecoin and Bitcoin (BTC) pools. Naturally, users started fleeing from Harvest Finance, leaving it without a total of over $400 million of liquidity.

The Hacker’s Morale

In the aftermath of this unfortunate event, the anonymous Harvest Finance developers reported that the attacker returned $2,478,549.94 to the ETH deployer address, which represents roughly 10% of the total amount stolen. As strange as this hacker’s return policy is, this is not the first time something like that happened.

On September 29th, a similar flash loan attack happened on the new yEarn Finance platform, Eminence when the attacker hacked the platform for $15 million. The Eminence developer, Andre Cronje afterward took to Twitter to reveal that 50% of the stolen amount was returned to his deployment account.

While Cronje is far from the anonymous player in the crypto space, the Harvest Finance development team’s identity is still a mystery. Therefore, and rightfully so, the community started asking valid questions about the possible rug-pulling scenarios. Especially since the anonymous team refused to give up centralized control over what was then a $1 billion TVL (total value locked) project just a day before the hack took place, which brings us to the following topic.

The Anonymity in the Cryptocurrency Market

Since the very beginning of Bitcoin, anonymity was an important part of the cryptocurrency market. Although never blatantly disclosed, the obvious reason for identity-hiding mechanisms’ implementation was to conceal the financial traffic from the government’s scrutiny. That way, cryptocurrencies remained out of the financial establishment and, as such, perfect for those struggling with all the downsides of the traditional financial systems, such as distrains.

However, the anonymity guaranteed by the encryption and first exploited by the inventor of Bitcoin, Satoshi Nakamoto, began being misused by shady market players. For example, back in 2017, during the world’s greatest bull market cycle, anonymous Bitconnect developers conducted a widely accepted pyramid scheme that came crashing down on investors not long after the launch. Naturally, a lot of people lost significant amounts of money in the process. Thus, for the first time in the cryptocurrency market, it was obvious that the same anonymity which gave crypto users an extra layer of freedom has a dark side to it.

Still, a great percent of crypto investors chose to remain blind to the issue, constantly repeating one of the most common phrases in cryptocurrencies — such is the nature of crypto.

The Change in Market Conditions Should Change the Way Investors Think

Back in 2017, the market was still, figuratively, in diapers. This means that big players were still waiting in crypto suburbs, waiting to see what happens next. Nowadays, when we have the likes of PayPal rushing into the industry, the overall crypto landscape is radically changed.

Today, an investor should practice an extreme amount of caution while investing hard-earned funds. Especially that in today’s crypto market, there is much more to choose from. Therefore, if an individual has an opportunity to invest in a project with an anonymous development team behind it, he can also choose its counterpart with a transparently disclosed team because it makes much more sense to know who to hold accountable if the deal goes sour.

However, not all cryptocurrency projects have the same governance system, and that’s what needs to be explained before anything else.

Centralization Issues

Since Bitcoin is still a pivotal point of the crypto market, let’s take it as a prime example of decentralization in finance. While BTC had its original developer in the form of the mysterious Satoshi Nakamoto, not long after the launch, all decisions related to the platform were left in the hands of users. Thus, miners were left to secure the network and validate transactions, and the wide community was in charge of making crucial network-related decisions. It is that level of democracy and decentralization, without the inventor’s input, that gave birth to the most famous Bitcoin hard fork, Bitcoin Cash (BCH).

On the other hand, some development teams decide to retain full control over their projects. Sometimes, the community decides that this level of centralization is bad for the ecosystem and leaves the platform. That is what happened when Hive hard forked from the first decentralized blockchain-based blogging platform, Steem. However, in this example, the centralized entity gaining control over the platform had fully disclosed identities and, as such, had something we might call identity-at-stake.


Identity at stake can be viewed as a CV. For example, the founder of Ethereum (ETH), Vitalik Buterin, and his foundation decided that the Ethereum network should, among other changes, switch from Proof-of-Work (PoW) consensus-reaching mechanism to its Proof-of-Stake (PoS) counterpart. The decision was made public by the Ethereum Foundation and the migration will be the product of their development. In this instance, Vitalik Buterin, along with all other Ethereum developers, put their identity at stake should the proposed changes reflect negatively on the Ethereum ecosystem.

Another example is Finxflo, with a transparently disclosed governance structure and a c-level executive board visible to the public. Taking into account that these individuals are well-known players in the global financial market, any misconduct taking place on the FXF platform can have a severely negative effect on their business identity.

In the case of Harvest Finance, where developers behind the project remain anonymous despite practicing complete control over the platform, the leading team had virtually nothing at stake except the success of the platform itself. Such success may or may not be related to their vision of personal success, and that’s what investors should be wary of.

If the Market Doesn’t Show Maturity, Investors Should

The pace at which the innovation happens in the crypto space is remarkable. Therefore, investors sometimes feel the need to board the train as swiftly as possible to take advantage of the opportunity. This leads to individuals not doing their due diligence, allowing huge red flags to slip below the radar in the process. That kind of market phenomenon allows such platforms as Harvest Finance to grow in size up to a point where investors have $1 billion locked in the protocol’s smart contracts with nobody to hold accountable for possible governance malpractices.

Throughout history, every emerging market went through changes that eventually formed relevant and discarded bad players. However, with or without regulations, investors are those who should preliminarily weed out those who fail to provide the necessary level of trustworthiness.

Obviously, the hype around DeFi is in such a FOMO (fear of missing out) state that investors do something completely opposite and allow those who hide behind the crypto anonymity to, let’s say it mildly, launch products of questionable quality. Until investors themselves provide that first level of self-regulation, the cryptocurrency market will be a fertile ground for semi-developed products, if not for outright scams.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
FINXFLO - Trade Smarter

FINXFLO is a crypto trading platform focused on security, strict regulatory standards, and deep liquidity across global markets. All via a single access point.