Polygon YELD Token Goes To Zero As $250,000 Disappears

Another Polygon Yield Farming token has crashed after attackers found a vulnerability in the platform’s smart contract, exploiting it and minting nearly 4.9 trillion tokens.

The YELD token – which belongs to a DeFi project called PolyYeld Finance that runs on the Polygon network – crashed to zero shortly after the attack.

Pool Drained, Rewards Inflated

PolyYeld Finance smart contract is called MasterChef, designed to distribute rewards for liquidity pool tokens by dividing the pool value by the value of tokens staked. But it seems hackers found a vulnerability in the contract that allowed them to mint xYELD, a deflationary token, reducing the pool value and inflating rewards.

According to Xuxian Jiang, CEO of security firm PeckShield, a deflationary token like xYELD charges a fee on every transaction, so by repeatedly depositing and withdrawing with the contract, the attackers triggered the tax collection, reducing the xYELD balance to 1 WEI.

The attackers swapped 4 percent of minted tokens to 123 ETH – worth around US$250,000 at time of writing – using various decentralised exchanges such as QuickSwap and Uniswap.

2/5
The hack was due to the lack of deflationary token support in MasterChef. Specifically, a deflationary token xYELD charges a fee on its transfers. With repeated deposits and withdraws, the xYELD balance of the pool becomes 1 WEI, which sets the stage for actual exploitation. pic.twitter.com/W7EQA0JVi4
— PeckShield Inc. (@peckshield) July 28, 2021

Hack Highlights the Risks of Yield Farming

This is not the first time in recent months that a yield farming project on Polygon has failed. In response, PolyYeld developers have asked users to unstake their funds, adding that they’re considering compensating all affected users and will report their advances in coming days.

Yield Farming platforms are known for providing high returns to users but, being a decentralised space with no regulations, risks of exploitations, data breaches or scams are always present.

Investors should be wary when entering the DeFi space and consider non-financial DeFi risks, as price fluctuations are not the only ones responsible for lost money.

Prior to the Polygon attack, the most recent target has been THORChain, a DeFi protocol that has been attacked multiple times in the past few weeks.

Disclaimer:
The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.

Credit: Source link