DeFi Protocol Yearn Finance Suffers $11M Exploit – Here’s What Happened
Decentralized finance (DeFi) protocol Yearn Finance has fallen victim to an attack that occurred on Aave version 1, leading to the theft of around $11 million worth of Dai (DAI), Tether (USDT), USD Coin (USDC), Binance USD (BUSD) and Tru USD (TUSD) tokens, according to a investigation performed by blockchain security firm PeckShield.
“It appears that the root cause is due to the misconfigured yUSDT, which is exploited to create huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. The huge yUSDT is then cashed out by exchanging to other stable coins,” PeckShield said in a chirpingbefore adding that the root cause of the exploit “is due to misconfigured yUSDT, not related to” Aave.
Longing for attempts to calm users down after exploitation
Meanwhile, Yearn Finance’s team has responded to the latest development with a statement designed to calm users.
“We are looking at an issue with iearn, an outdated contract from before Vault’s v1 and v2. This issue appears exclusive to iearn and does not affect current Yearn contracts or protocols,” the protocol tweeted.
«ieearn is an immutable contract that predates YFI, it was discontinued in 2020. Vaults v1, with upgradeable strategies, was also discontinued in 2021. There are no indications that it is affected. The current version, Yearn v2 Vaults (written in Vyper), remains unaffected as well,” Yearn Finance said.
The protocol added that the team is investigating the matter further.
DeFi protocols are merging
The latest exploit comes roughly two months after Yearn Finance teamed up with a number of leading DeFi protocols to fight for decentralization, launching a Twitter campaign alongside more than 30 projects. In addition to Yearn Finance, the campaign’s participants included Element, CoW Swap, Balancer, Aura Finance, Euler, Gearbox, Dopex, Pods, Opyn, SushiSwap, DegenScore, MakerDAO, Stake DAO, Zerion, Ajna, Aave, Oasis.app and Pods Finance.
“There is something special happening in decentralized finance. This campaign celebrates what makes DeFi different from the systems it seeks to replace – executed in a way that could only work in this space. We hope it will serve as yet another reminder that, in the wake of CeFi explosions, DeFi differentiates itself not only through its technological composition, but also its shared values,” said Draper, Yearn Finance’s CMO.
Established in 2018, PeckShield was launched by Xuxian Jiang, the former chief researcher at Qihoo 360. Some of the company’s major investors include Beijing-based venture capital firm Gaorong Capital, according to PeckShield data.