Yearn Finance Suffers $11.6M Hack Through Aave V1 Protocol, Involving Misconfigured yUSDT Token

On April 13th, PeckShield, a DeFi technical auditing firm, detected a suspicious transaction. Notably, two well-established projects in the decentralized finance market, Yearn Finance and Aave, were involved in this incident.

Initial analysis suggested that this was an attack targeted at Yearn Finance, with funds being leveraged from Aave using a flash loan. However, some users were concerned that Aave may also be impacted as there were some strange actions related to its lending product. The transactions related to Aave were Repay transactions into the Core V1 pool of the product.

Marc Zeller, the representative of Aave, tweeted that Aave V1 has been frozen since December 2022, so it is unlikely that any users can deposit or increase their borrow size, making the issue unlikely but not impossible. Zeller also stated that the Aave team was aware of the situation and was researching it, with more information to be released once there is more clarity. A snapshot vote was also conducted to let governance decide on the offboarding of V1.

In any case, users are free to repay or withdraw their funds from V1 using the classic app. The current size of V1 is $18M, while the current size of the Aave safety module is $382.50M. After further research, it was concluded that the impact on Aave V1 is likely to be null, and that there will be zero impact on V2 and V3.

The white hat hacker samczsun believes that Yearn's yUSDT has had a bug since its initial deployment: it was misconfigured, with the contract address mistakenly set to Fulcrum iUSDC instead of iUSDT.
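A deployment-time check for the kind of misconfiguration described above, as an added example that is not Yearn's code: every lending-market wrapper a vault is wired to must resolve to the vault's own underlying token. All addresses, the `VaultConfig` shape and the lookup table standing in for on-chain reads are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed placeholder addresses (not real deployments).
USDT = "0x" + "aa" * 20
USDC = "0x" + "bb" * 20
I_USDT = "0x" + "c1" * 20  # lending-market token wrapping USDT
I_USDC = "0x" + "c2" * 20  # lending-market token wrapping USDC
A_USDT = "0x" + "c3" * 20  # second market's token wrapping USDT

# Stand-in for on-chain lookups: wrapper token -> (underlying address, decimals).
# A real check would make a read-only call to each wrapper contract instead.
CONSTRUCTED_CHAIN = {
    I_USDT: (USDT, 6),
    I_USDC: (USDC, 6),
    A_USDT: (USDT, 6),
}


@dataclass(frozen=True)
class VaultConfig:
    name: str
    underlying: str     # token the vault accepts from depositors
    integrations: dict  # label -> wrapper token address


def audit_vault_config(cfg, chain=CONSTRUCTED_CHAIN):
    """Return findings; an empty list means every integration wraps
    exactly the vault's underlying asset."""
    findings = []
    want = cfg.underlying.lower()
    for label, wrapper in sorted(cfg.integrations.items()):
        entry = chain.get(wrapper.lower())
        if entry is None:
            # Unresolvable address: fail closed rather than assume it is fine.
            findings.append(f"{cfg.name}/{label}: cannot resolve underlying of {wrapper}")
            continue
        actual, _decimals = entry
        # Compare addresses, not decimals or symbols: both stablecoins here
        # use 6 decimals, so a decimals check would pass the wrong token.
        if actual.lower() != want:
            findings.append(f"{cfg.name}/{label}: wraps {actual}, expected {want}")
    return findings
```

Run as a gate in the deployment pipeline, a non-empty result blocks the release before any user funds reach the vault.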

Currently, $10M has been withdrawn from Yearn Finance and is held in a wallet with the address “0x16A…74A5”. Meanwhile, a second wallet with the address “0x5ba…fE0” is still performing similar attacks.

Overall, this incident highlights the importance of constant vigilance in the DeFi space. While the impact on Aave V1 appears to be minimal, it is crucial to remain aware of potential vulnerabilities and take necessary precautions to safeguard user funds. The DeFi market continues to evolve rapidly, and it is essential for all participants to stay informed and up-to-date on the latest developments.
