Trusted

Yearn Finance Allegedly Exploited Out of $10M by ‘Misconfigured’ Token

1 min
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • A vulnerability likely impacted DeFi protocols Yearn Finance and Aave today, according to PeckShield.
  • PeckShield explained that a misconfigured yUSDT token possibly allowed a bad actor to mint a massive amount before cashing out.
  • Details of the exploit are still emerging.
  • promo

‘Misconfigured’ vulnerability likely impacted DeFi protocols Yearn Finance today, according to security company PeckShield.

PeckShield explained that a misconfigured yUSDT possibly allowed a bad actor to mint huge yUSDT before cashing it out.

What We Know About Losses to Yearn, Aave

While details of the exploit are still being sorted, PeckShield revealed that the misconfigured yUSDT allowed 1,252,660,242,212,927 yUSDT to be minted from $10,000 USDT.

The firm noted,

“The huge yUSDT is then cashed out by swapping to other stablecoins.”

Nansen claims the yUSDT hacker distributed its $11.3 million in ETH, DAI, USDC, and BUSD money among three addresses.

Nansen Dashboard showing stablecoins exploited from Yearn and Aave
Nansen Dashboard showing stablecoins exploited from Yearn and Aave

The vulnerability was reportedly isolated to “iearn legacy protocol launched in 2020 and liquidity pool” and Aave V1.

Yearn Security developer Stormed Blessed Ox confirmed early reports that the exploit likely didn’t affect Yearn v2 vaults.

Meanwhile, the Aave protocol confirms that the hack did not impact Aave V2 and Aave V3. The platform said,

“We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol, which has been frozen. We’re monitoring the situation closely to ensure no further concerns.”

Aave developer Marc Zeller is predicting no monetary impact on V1.

Paradigm researcher Samczsun underlined that yUSDT was misconfigured since its deployment and the last script update was 1,000 days ago.

Misconfigured Fulcrum iUSDC Token instead of the Fulcrum iUSDT Token
Misconfigured Fulcrum iUSDC Token instead of the Fulcrum iUSDT Token

Meanwhile, other crypto commentators took the incident as a reminder to users to diversify their funds across different DeFi protocols.

This is a developing story. BeInCrypto will update as details emerge.

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

shraddha_sharma.jpg
Shraddha Sharma
Shraddha is an India-based journalist who worked in business and financial news before diving into the crypto space. As an investment enthusiast, she has also has a keen interest in understanding crypto from a personal finance standpoint.
READ FULL BIO
Sponsored
Sponsored