VERDICT —OUT OF SCOPE
Root cause is social engineering — privileged personnel deceived into authorizing the drain. Contract behaved as written. Defense lives in process controls (multi-party approval, M-of-N signoff windows), not in smart-contract review.
▰ METHOD
SOCIAL ENGINEERING
SOCIAL-ENGINEERING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
According to news, the Harvest_Keeper project maliciously transferred user funds, involving an amount of about 933,000 US dollars. Through the data on the chain, it was found that the attacker used the owner authority to transfer the USDT pledged by the user in the HarvestKeeper contract by calling the getAmount function, and then the attacker used the user's token authorization to the EOA account to transfer the user's funds through the EOA multiple times. Attack method (per SlowMist): Insider Manipulation. Reported loss: $ 933,000.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Harvest Keeper
- bug_class
- social-engineering
- date_occurred
- 2023-03-19
- loss_usd
- $933,000
- source_id
- sm:harvest-keeper::2023-03-19
Related — same bug class· social-engineering
2026-05-11
1mo ago
SOL
social-engineering
$2.86M
OUT OF SCOPE
2026-04-01
2mo ago
SOL
social-engineering
$286.00M
OUT OF SCOPE
2026-02-23
3mo ago
—
social-engineering
—
OUT OF SCOPE
2025-09-01
9mo ago
BSC
social-engineering
$2.00M
OUT OF SCOPE
2025-07-24
10mo ago
MULTI
social-engineering
$14.00M
OUT OF SCOPE
2025-04-27
1y ago
—
social-engineering
$100.0K
OUT OF SCOPE