Decentralized finance protocol Yearn Finance was hacked earlier today, resulting in the loss of millions of dollars' worth of crypto assets. According to blockchain security firms, the attacker was able to drain over $11 million worth of stablecoins from Yearn Finance. PeckShield Inc. reported that the exploit occurred on an early version of Yearn Finance called iearn. Early reports suggested that both Yearn and fellow DeFi protocol Aave were impacted by the attack, but Aave later confirmed on Twitter that Aave V1 was not affected.
Blockchain security firms scrambled to find the root cause of the exploit and identified Yearn Finance’s misconfigured stablecoin yUSDT as the underlying vulnerability. PeckShield’s investigation revealed that the hacker exploited this misconfiguration to mint a significant amount of yUSDT, 1,252,660,242,212,927.5 to be precise, using just 10,000 USDT. The newly minted yUSDT was then cashed out for other dollar-pegged stablecoins.
On-chain analytics firm Lookonchain revealed that the hacker’s loot included 3.03 million DAI, 2.5 million USDC, 1.7 million BUSD, 1.5 million TUSD, and 1.1 million USDT. In a message to its Twitter community, Yearn Finance stated that the impact of the exploit was limited to iearn, an outdated contract that was deprecated in 2020. Yearn V2 Vaults are reportedly unaffected.
The exploit had a considerable impact on the tokens associated with Yearn Finance and Aave. AAVE experienced a relatively small price decrease of 2.15%, which it subsequently recovered. Yearn Finance’s YFI token, on the other hand, tanked 4.6%, reaching as low as $8,942, before recovering to $9,175.
This latest hack highlights the vulnerabilities that exist within the DeFi space, and the need for increased security measures. It also emphasizes the importance of regularly updating and maintaining smart contracts to avoid such attacks. Yearn Finance has assured its community that it is taking steps to address the vulnerability and prevent future exploits.