Earning.Farm
Summary
Earning.Farm is an Ethereum-based DeFi yield aggregator that deployed leveraged yield strategies on top of Aave. The protocol suffered two distinct security incidents — a flash loan attack in October 2022 that drained approximately 750 ETH (~$950,000), followed by a reentrancy exploit in August 2023 that resulted in an additional ~$528,000 loss. The protocol has been flagged by ZachXBT and has shown no evidence of recovery, compensation to users, or resumed operations following either incident.
Connected Entities
1 entitiesTimeline(3 events)
2022-10-14
Earning.Farm's EFLeverVault contract is targeted by two successive flash loan attacks. A total of approximately 750 ETH (~$950,000) is drained: 480 ETH captured by an MEV bot front-running the attacker, and 268 ETH extracted by the attacker directly. Supremacy Inc. publicly discloses the incident.
2023-08-09
A reentrancy attacker exploits a logic flaw in EFVault's withdraw function across nine transactions, taking a flash loan of 80,000 ETH and draining 291.64 ETH (~$528,000 at the time). PeckShield alerts the community. Stolen funds are moved to two consolidation wallets.
2023-08-10
Attacker transfers stolen funds to consolidation addresses. Earning.Farm team sends on-chain message to the attacker offering a 10% bounty (~$52,800) in exchange for return of remaining funds and cessation of third-party investigations. No public response from attacker is recorded.
Decision Log
- hash: 3A6Rd25GmXUoP71n4Yu4wah47RicZDXrmztPBpPqrHgC
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:39 AM
last updated: 5/30/2026, 11:47:48 AM
avoid.net — verified advice for a post-truth world