ETH
by BSCN
April 13, 2023
Aave said the exploit did not impact any version of its protocol, while Yearn Finance said current protocols were safe.
A hacker exploited a vulnerability in an “outdated” iearn stablecoin to drain $10 million in liquidity from Yearn Finance and Aave Protocol. Following the attack, both Yearn and Aave assured users that current versions of their protocols were not impacted by the exploit.
"We're looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols," Yearn tweeted.
Yearn said the exploited contract was deprecated in 2020.
AaveAave said the vulnerability to did not impact any version of its protocol.
The Security Department of Web3 Super App and Antivirus De.Fi broke down the attack in a Twitter thread.
According to De.Fi, the iearn yUSDT token was misconfigured to use Fulcrum $iUSDC instead of Fulcrum $iUSDT. The attacker used the vulnerability to mint 1.2 quadrillion $yUSDT from just $10,000, then cashed out the $yUSDT for other stablecoins.
De.Fi posted screenshots of the attacker’s two wallets, showing about $10 million in assets spread across $ETH, $aTUSD, $DAI and $USDC.
Latest News
January 11, 2025
Weekly Article Recap: 1/06-1/10
January 10, 2025
Filipino Banks to Launch PHPX Peso Stablecoin on Hedera Network
January 10, 2025
U.S. Senate Banking Committee to Launch First Cryptocurrency Subcommittee
January 9, 2025
Bio Protocol and NuDAO Partner to Revolutionize Decentralized Science (DeSci)
January 9, 2025
Backpack Clarifies Acquisition of FTX EU Assets Amid FTX Estate Denial
January 9, 2025
Oklahoma Senator Proposes Bill to Allow Employees to Receive Wages in Bitcoin
January 8, 2025
Bhutan's Gelephu Mindfulness City Plans to Embrace Crypto in Strategic Reserves
January 8, 2025
Sol Strategies Secures CAD $25M to Expand Solana Holdings