Subscribe & Save 5% on Cryptonary Pro!
X
DeFi

DeFi platform Yearn Finance suffers exploit, vault loses $11 million

  • Yearn Finance exploited in a flash loan attack.
  • The hacker got away with $2.8 million.
  • Yearn Finance’s governance token is recovering after plunging in the wake of the breach.

Update:

Tether announced via social media that they have frozen the $1.7 million stolen as part of the Yearn Finance hack.

 

 

Popular decentralized finance (DeFi) project Yearn Finance has fallen victim to a flash loan attack.

Yearn.Finance confirmed on social media on Thursday that one of its pools of funds was breached, resulting in a loss of $11 million.

The exploit

Yearn. Finance said that the DAI v1 vault was exploited. And protocol managed to mitigate the attack. 

A core developer with Yearn.Finance shared more details about the exploit, revealing that the attacker got away with $2.8 million even though the pool lost a total of $11 million.

After containing the attack, the protocol is now investigating the exploit and has suspended all deposits into V1 DAI, USDC, USDT, and TUSD as a safety measure.

Flash loan attack

The hacker got away with 513,000 DAI, $1.7 million in Tether (USDT), and the remaining $506K in CRV.

Stani Kulechov, the founder of DeFi liquidity protocol Aave, explained that the attacker completed the “complex exploit with over 160 nested transactions” across several DeFi platforms and paid $5K in gas fees for the breach.

A simplistic description of the breach shows that the attacker flash-loaned 116K ETH from dYdX and 99K Ether from Aave V2. The attacker proceeded to borrow 134 million USDC and 36 million DAI using Ether as collateral on Compound and then withdrew 165 million USDT from the 3crv Curve pool.

The entire process described above was repeated five times.

Furthermore, the attacker deposited 93 million DAI to yDAI vault and added 165 million USDT to the 3crv pool. The hacker withdrew 92 million DAI from the yDAI vault and 165 million USDT from the 3crv pool. 

The attacker withdrew 39 million DAI and 134 million USDC instead of Tether. Then repaid Compound debts and flash loans.

YFI plunges 

The hack seems to have affected Yearn Finance governance token as YFI plunged from $34,600 to a low of $30,256 with an hour.

YFI token tanks following flash loan attack. | Source: CoinMarketCap

However, the governance token is on a recovery path as it is trading above $32,300 at the time of writing.

According to DeFi Pulse, Yearn Finance’s total value locked has remained generally stable and dropped 3% in the last 24 hours to a current value of $490.4 million.

 

This story has been updated.

Sign up for our FREE mailing list

Join 12,590 others now and get actionable research and analysis sent directly to your inbox.

Post a Comment

GET YOUR FREE WEEKLY CRYPTO BRIEF

Delivered to your inbox, every Sunday evening.