The potential suspicious activity of the Harvest Keeper project

If you are a victim, we encourage you to engage law enforcement. If you need further assistance, please contact us at:
Telegram: https://t.me/securi_lab
Email: contact@seucri-lab.com

We have also disclosed the KYC information on our website:
https://securi-lab.com/our-case/harvest-keeper/

[21 March 2023 — Thailand UTC+7 time] Update on the incident: tracking the flow of funds, and confirmation that all social media accounts related to Harvest Keeper have been deleted

In the latest report from our IR team, we found movement at the addresses we have been monitoring.

Addresses we have continued to follow after the incident:

1. ~$709,885 BSC-USD
https://bscscan.com/address/0x92288f964ae8fce23e8d337422ad66eefc333670

2. ~$98,917 BSC-USD
https://bscscan.com/address/0x7704204c08d96d5d7472c01c0d2b8d44048e372a

3. ~$201,306 BSC-USD on BNB Chain only [ETH Chain ~$30,901 | Polygon Chain ~$1,222]
https://bscscan.com/address/0x15a8abbbd1b3ff9217e2f32a7f5e4ac81ca80013

We detected the movement and are following it closely. We reported this to the victims' group on 20 March (Thailand time).
We found that assets were transferred to:
https://bscscan.com/address/0x5c67a52edc7a3cc78fed4845c28e6e444151cf6d#tokentxns

After that, the funds moved as shown in the connection diagram below.

We found suspicious destinations. We do not know whether they are related to this crime, but we are informing the community and victims.

https://bscscan.com/address/0x0e17aab99e766e090ea5348c741565a7bd73552c#tokentxns

When we checked on BscScan, we found many transactions labelled
“This is a zero-value token transfer Initiated by another Address.”
We do not know what happened with this alert, but all the relevant addresses we follow appear to have the same kind of transaction.
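
The condition in that BscScan label can be checked mechanically over exported token transfers. This added example (not part of the original report) flags transfers with value 0 whose transaction sender differs from the token `from`, and, as an assumption added here based on the address-poisoning pattern such transfers are commonly used for, reports when the recipient resembles a counterparty the watched address really paid; the records, addresses and field names are constructed.

```python
# Added example: triage token transfers that match the BscScan label quoted above.
WATCHED = "0x" + "aa" * 20                      # constructed monitored address
GENUINE = "0x1234" + "0" * 32 + "abcd"          # constructed real counterparty
LOOKALIKE = "0x1234" + "f" * 32 + "abcd"        # same first/last 4 hex chars
OTHER, SPAMMER = "0x" + "99" * 20, "0x" + "ee" * 20

def is_zero_value_by_other(t):
    """Zero-value transfer whose transaction sender is not the token `from`."""
    return t["value"] == 0 and t["tx_sender"].lower() != t["from"].lower()

def lookalike(a, b, n=4):
    """Distinct addresses sharing their first and last n hex characters."""
    a, b = a.lower()[2:], b.lower()[2:]
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def triage(transfers, watched):
    """List flagged transfers 'from' the watched address and what they mimic."""
    watched = watched.lower()
    # Counterparties the watched address really paid (non-zero, self-initiated).
    genuine = {t["to"].lower() for t in transfers
               if t["from"].lower() == watched and t["value"] > 0
               and t["tx_sender"].lower() == watched}
    findings = []
    for t in transfers:
        if t["from"].lower() != watched or not is_zero_value_by_other(t):
            continue
        mimics = sorted(g for g in genuine if lookalike(t["to"], g))
        findings.append({"tx": t["tx"], "to": t["to"].lower(), "mimics": mimics})
    return findings

def _t(tx, sender, to, value):
    return {"tx": tx, "tx_sender": sender, "from": WATCHED, "to": to, "value": value}

SAMPLE = [  # constructed records: tx id, transaction sender, recipient, raw value
    _t("tx1", WATCHED, GENUINE, 5000),      # real payment
    _t("tx2", SPAMMER, LOOKALIKE, 0),       # flagged, mimics GENUINE
    _t("tx3", SPAMMER, OTHER, 0),           # flagged, no look-alike
    _t("tx4", WATCHED, GENUINE, 0),         # zero value but self-initiated
]

if __name__ == "__main__":
    for f in triage(SAMPLE, WATCHED):
        print(f["tx"], f["to"], "mimics", f["mimics"] or "nothing known")
```
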

We would like to inform you that we reported this crime to BNB Chain on March 19, 2023, and we believe our report has been sent to the BNB Chain security team.

Finally, we found that every way of contacting Harvest Keeper has been closed: website, Twitter, Telegram chat, Telegram channel, and Discord.

[20 March 2023 — Thailand UTC+7 time] Update On the incident about Harvest Keeper Scam & Phishing

We have been notified by many users who have fallen victim to this scam. Besides the withdrawal of money from the contract through the getAmount() function call, we found that there is very likely a second abnormality: when a user presses the Harvest button in the Harvest Keeper UI and grants the requested contract permissions, assets are transferred to an unknown destination address:

0x15A8aBbbD1b3Ff9217E2f32A7F5e4aC81Ca80013

https://bscscan.com/address/0x15a8abbbd1b3ff9217e2f32a7f5e4ac81ca80013

Many victims have reported the matter to the SECURI LAB (Thailand) Incident Response Team and provided the same destination address, along with their transaction IDs.

We have reviewed and confirmed the incident, which is why we are making this additional announcement in this report.

CERTIK Alert has also issued a notification about the matter.

This is the victim’s testimony, which we have already verified.

[19 Mar 2023 — Thailand Time]
We have detected potentially suspicious activity in the Harvest Keeper project. Please read this thread for details.

1. To clarify: we have no interest in the Harvest Keeper project, and we performed only the KYC for it.

The smart contract audit was carried out by @contractwolf_io, who stated that the audit passed with only low-severity issues concerning Floating Pragma (SWC-103).

2. On March 18, Thailand time, we received reports from many people about anomalies in Harvest Keeper, and we began an investigation to find out more. We have gathered the following anomalies and questions about the project.

3. We have seen suspicious activity related to this project. At 2023-03-17 16:18:50 (UTC), the getAmount() function was called by the owner (remember, they had renounced ownership) and pulled BNB into the contract owner's wallet. The BNB was then swapped to USDT on PancakeSwap.

[Figure: details of the getAmount() function call]
[Figure: relational graph of the suspicious wallet activity]

They transferred almost 100,000 USDT to a wallet that has nothing to do with the project, and we question why all the money was transferred to that wallet.

Transaction hashes for these transfers:

1000 BSC-USD ($1000)

https://bscscan.com/tx/0xae4738db7e2cbbfe7dbacc2693a7ac1cd98d146feffa81d31aec271583e7e8d8

97,917.190075222961199762 BSC-USD ($97,917)

https://bscscan.com/tx/0x5f4de530388965010b7ec815361ae353cfe02cf7f50789c9aeaae4f410fa3c0a

Transaction hash of the getAmount() call:

https://bscscan.com/tx/0x8d171df1e9744daf75e3e552cacbe064fa967bd1e45045da3aef3a142275054d

4. At the same time, we noticed another anomaly: at 2023-03-17 16:16:53 (UTC), the owner (remember, they had renounced ownership) did the same thing, calling the getAmount() function and pulling funds from the BNB-BSC/USD pool worth 709,885 BSC-USD, then sending all of it to 0x04956725a7a04baa29fa26ed2f572b54b5593744

[Figure: details of the getAmount() function call]
[Figure: relational graph of the suspicious wallet activity]

Transaction hashes for these transfers:

1000 BSC-USD ($1000)

https://bscscan.com/tx/0x05196cf15565f31ed229f5387e1c98bf724bf7688176ba3758c88fdbca2fcbcf

100,000 BSC-USD ($100,000)

https://bscscan.com/tx/0x23a48efaca65b8caa84079b3f1ab79d337694e11cab1c32f07f219d7fb3f8fab

200,000 BSC-USD ($200,000)

https://bscscan.com/tx/0x23a22750b3f2dbc86448c1403d23afe16c2714cb93014ddb8e0c3c20dc239111

200,000 BSC-USD ($200,000)

https://bscscan.com/tx/0xd47559bae9af43f68a9de3d198c616c78b94ddc9b366986055d892062381dd23

208,885.575912844921266588 BSC-USD ($208,885.5759)

https://bscscan.com/tx/0x33ede7760aab2e374543c3086142ed08a59ebac3ac5b16036e32e0d05e971dea

Transaction hash of the getAmount() call:

https://bscscan.com/tx/0x3c9e53a91cde4a366d02692a94128e28e71e86a51d2cb546b70142add4a8809b

5. The Harvest Keeper project blocks all public communications. Users are unable to interact or discuss in groups, including Telegram Groups, Discord, and public comments on Twitter.

Harvest Keeper Social Media
Twitter: https://twitter.com/Harvest_Keeper
Discord: https://discord.gg/nDAbzwHdR8
Telegram Chat: https://t.me/Harvest_Keeper_chat
Telegram Channel: https://t.me/HarvestKeeperAI

6. At 12:00 AM on Mar 19, 2023 (UTC+7), Harvest Keeper announced the rescheduling of the contract update to Mar 19, 2023, around 17:00 UTC.

https://twitter.com/Harvest_Keeper/status/1637136784940490752

Such activities are quite unusual. We recommend that users stop using the project and revoke permissions for security purposes, because the project lacks transparency and there is an unusual practice of drawing money from the contract and transferring it to a destination account that is not related to the project.
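
The revocation recommended above can be prepared from an address's own approval history. This added example (not SECURI LAB's code) replays constructed ERC-20 `Approval` logs to list allowances that are still open and builds the `approve(spender, 0)` calldata that revokes one; the owner, token and spender addresses are made-up placeholders, and the authoritative value remains the token's on-chain `allowance()`.

```python
# Added example: replay ERC-20 Approval logs, list open allowances, build a revoke.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256)
UNLIMITED = 2**256 - 1

# Constructed placeholder addresses (not taken from the incident).
OWNER, TOKEN = "0x" + "aa" * 20, "0x" + "cc" * 20
SPENDER_A, SPENDER_B = "0x" + "11" * 20, "0x" + "22" * 20

def topic_to_address(topic):
    """An indexed address is the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Return {(token, spender): amount} for the owner's non-zero approvals.
    Upper bound only: transferFrom can spend an allowance without emitting
    Approval, so confirm with the token's allowance() before acting."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has exactly 3 topics (ERC-721 Approval has 4).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)   # the latest approval overwrites
    return {k: v for k, v in state.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for token.approve(spender, 0), sent by the owner to the token."""
    return "0x" + APPROVE_SELECTOR + spender.lower()[2:].rjust(64, "0") + "0" * 64

def _log(block, idx, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": hex(value)}

SAMPLE_LOGS = [  # constructed, deliberately out of order
    _log(110, 1, OWNER, SPENDER_B, 0),            # B revoked later
    _log(100, 0, OWNER, SPENDER_A, UNLIMITED),    # unlimited, never revoked
    _log(105, 2, OWNER, SPENDER_B, 500),
    _log(111, 0, SPENDER_B, SPENDER_A, 7),        # someone else's approval
]

if __name__ == "__main__":
    for (token, spender), amount in open_allowances(SAMPLE_LOGS, OWNER).items():
        print(token, spender, "UNLIMITED" if amount == UNLIMITED else amount)
        print("  revoke:", revoke_calldata(spender))
```
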

SECURI LAB and our IR team will monitor the situation closely. If you are a victim, have evidence, or require reports, please contact us.

Follow SECURI LAB On:
Website: https://securi-lab.com/
Twitter: https://twitter.com/SECURI_LAB
Telegram: https://t.me/securi_lab
Medium: https://medium.com/@securi

Written by SCRL - Blockchain & Web3 security | Audit | KYC

SCRL- Blockchain & Web3 Smart Contract Audit, KYC, Investigation