PeckShield explained that a misconfigured yUSDT possibly allowed a bad actor to mint huge yUSDT before cashing it out.
What We Know About Losses to Yearn, Aave
While details of the exploit are still being sorted, PeckShield revealed that the misconfigured yUSDT allowed 1,252,660,242,212,927 yUSDT to be minted from $10,000 USDT.
The firm noted,
“The huge yUSDT is then cashed out by swapping to other stablecoins.”
The vulnerability was reportedly isolated to “iearn legacy protocol launched in 2020 and liquidity pool” and Aave V1.
Meanwhile, the Aave protocol confirms that the hack did not impact Aave V2 and Aave V3. The platform said,
“We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol, which has been frozen. We’re monitoring the situation closely to ensure no further concerns.”
Aave developer Marc Zeller is predicting no monetary impact on V1.
Paradigm researcher Samczsun underlined that yUSDT was misconfigured since its deployment and the last script update was 1,000 days ago.
This is a developing story. BeInCrypto will update as details emerge.
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.