Decentralized finance (DeFi) protocol Yearn Finance has fallen victim to an attack which occurred on Aave version 1, leading to the theft of about $11 million worth of Dai (DAI), Tether (USDT), USD Coin (USDC), Binance USD (BUSD) and Tru USD (TUSD) tokens, according to an investigation carried out by blockchain security firm PeckShield.
“It appears the root cause is due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. The huge yUSDT is then cashed out by swapping to other stable coins,” PeckShield said in a tweet, before adding that the root cause of the exploit “is due to misconfigured yUSDT, not related to” Aave.
Yearn Attempts To Calm Down Users Following Exploit
In the meantime, Yearn Finance’s team has reacted to the latest development with a statement designed to calm down its users.
“We’re looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols,” the protocol tweeted.
“iearn is an immutable contract predating YFI, it was deprecated in 2020. Vaults v1, with upgradeable strategies, was also deprecated in 2021. There’s no indication it’s affected. The current version, Yearn v2 Vaults (written in Vyper), remains unaffected as well,” Yearn Finance said.
The protocol added its team is currently further investigating the issue.
DeFi protocols team up
The latest exploit comes roughly two months after Yearn Finance joined forces with a number of leading DeFi protocols to champion decentralization, launching a Twitter campaign together with more than 30 projects. In addition to Yearn Finance, the campaign’s participants included Element, CoW Swap, Balancer, Aura Finance, Euler, Gearbox, Dopex, Pods, Opyn, SushiSwap, DegenScore, MakerDAO, Stake DAO, Zerion, Ajna, Aave, Oasis.app, and Pods Finance.
“There is something special happening in decentralized finance. This campaign celebrates what makes DeFi different from the systems it seeks to replace – executed in a way that could only work in this space. We hope it will serve as yet another reminder that, in the wake of CeFi blow-ups, DeFi stands apart not only through its technological composability but also its shared values,” said Draper, Yearn Finance’s chief marketing officer.
Set up in 2018, PeckShield was launched by Xuxian Jiang, the former chief scientist at Qihoo 360. Some of the company’s major investors include Beijing-based venture capital firm Gaorong Capital, according to data from PeckShield.
Credit: Source link
