HomeDeFiYearn Finance Exploited For $11.6M In Stablecoins

Yearn Finance Exploited For $11.6M In Stablecoins

Yearn Finance, a prominent decentralized finance (DeFi) protocol, suffered an $11.6 million exploit on Thursday due to a bug in a three-year-old smart contract.

Yearn Finance, a prominent decentralized finance (DeFi) protocol, suffered an $11.6 million exploit on Thursday.

The attack was the result of a vulnerability in the deployment of one of the early Yearn vaults dating back to February 2020, which involved deposits of Tether (USDT). This vault has long been officially abandoned by the protocol, but was still able to be exploited.

The attacker used a flash loan and multiple DeFi protocols, including Aave and Curve Finance, to swap their Yearn-equivalent tokens for other stablecoins, resulting in the $11.6 million heist.

The root cause of the exploit dates back to a previous version of the savings protocol that has been abandoned for over three years. Although the damage appears to be contained to the abandoned version of the protocol’s permissionless vaults, the incident highlights the dangers of using old smart contracts.

The hacker has swapped most of the stolen funds to DAI and exchanged some for ETH, which has been partially passed to crypto mixer Tornado Cash to obfuscate its origin.

Ernesto Garcia, smart contract engineer at OpenZeppelin, noted that the execution of the attack required multiple steps and was not a simple one.

The attack vector was linked to an apparent oversight from February 2020 when the yUSDT token contract was deployed with a bug.

Alan B
Alan B
Having immersed himself in the cryptocurrency space for several years, Alan has developed a keen eye for market trends and the latest developments in blockchain technology. His expertise spans a wide range of topics, from emerging altcoins to regulatory updates, making him a trusted voice in the community. When Alan isn't busy writing compelling articles, he enjoys attending industry conferences, engaging with fellow crypto enthusiasts, and staying up-to-date with the latest tech advancements.

Most Read News