Beosin: Harvest Keeper project maliciously transferred $933,000 of user funds

According to ChainCatcher news, the blockchain security auditing company Beosin tweeted that they discovered the fixed income protocol Harvest Keeper maliciously transferring user funds, involving an amount of approximately $933,000.

The Beosin security team found that the attacker exploited owner permissions to transfer USDT collateralized by users in the HarvestKeeper contract by calling the getAmount function. Subsequently, the attacker used the token authorization from users to the EOA (0x250…c14) account to transfer user funds multiple times through this EOA. Users are advised to revoke authorization for this EOA. Currently, the stolen funds are dispersed across multiple addresses, with most of them stored in 0x92288f964ae8fce23e8d337422ad66eefc333670. (Source link)