The DeFi platform Yearn Finance has suffered a flash loan attack, with millions of funds withdrawn by the hacker. The exploit is centered on the Aave V1 liquid protocol, blockchain security firm PeckShield reported Thursday. Yearn’s security team is aware of the issue and is working on a fix.
PeckShield in a next tweet revealed that the root cause is likely due to the misconfigured yUSDT, which is being exploited to earn huge yUSDT (approximately 1,252,660,242,212,927.5) from just $10K USDT. The huge yUSDT is then paid out by exchanging to other stablecoins. However, it remains to be confirmed if Aave plays a role in the hack.
The flow of stolen funds. Source: PeckShield
Also Read: Ethereum (ETH) Withdrawn After Shanghai (Shapella) Upgrade: Details
Beosin Alert noted that the total loss in the Yearn Finance hack is almost $11,539,783. The blockchain security platform also reported that the wallets contained most of the money stolen from Yearn Finance. It also confirmed withdrawals of 996,000 USDC, 570,000 DAI and 241,000 USDT from Aave Lending Pool Core V1.
Hackers have stolen nearly $11.6 million worth of stablecoins, including 61K USDP1.5 million TUSD1.8 million BUSD1.2 million USDT2.58 million USDC, and 3 million DAI. The hackers transferred 1.5 million TUSD Unpleasant AAVEand borrowed 634 ETH by AAVE. They then traded some stablecoins for 600 ET, with 1,000 ETH already transferred in Tornado Cash.
Aave unaffected by the Yearn Finance hack
Crypto researcher Samczsun claimed that Yearn Finance’s version of USDT, dubbed yUSDT, has been broken since it was implemented about three years ago. He said it was “misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.”
The Aave team has confirmed that the Aave V1 protocol has been used, but is not affected by the hack. Aave CEO Stani Kulechov taken to Twitter to confirm.
We are aware of this transaction and it did not affect Aave V2 and Aave V3.
We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol that has been frozen. We are closely monitoring the situation to ensure there are no further concerns. https://t.co/uM9wtLNJMl
— Aave (@AaveAave) April 13, 2023
Varinder is a technical writer and editor, technology enthusiast and analytical thinker. Fascinated by disruptive technologies, he has shared his knowledge about Blockchain, Cryptocurrencies, Artificial Intelligence and the Internet of Things. He has been associated with the blockchain and cryptocurrency industry for quite some time and is currently covering all the latest updates and developments in the crypto industry.
The content presented may contain the personal opinion of the author and is subject to market conditions. Do your market research before investing in cryptocurrencies. The author or publication is not responsible for your personal financial loss.
This post Yearn Finance suffers from payday loan exploitation, is Aave also affected?
was published first on https://coingape.com/yearn-finance-suffers-flash-loan-exploit-on-aave/