ETH
by BSCN
April 13, 2023
Aave said the exploit did not impact any version of its protocol, while Yearn Finance said current protocols were safe.
A hacker exploited a vulnerability in an “outdated” iearn stablecoin to drain $10 million in liquidity from Yearn Finance and Aave Protocol. Following the attack, both Yearn and Aave assured users that current versions of their protocols were not impacted by the exploit.
"We're looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols," Yearn tweeted.
Yearn said the exploited contract was deprecated in 2020.
AaveAave said the vulnerability to did not impact any version of its protocol.
The Security Department of Web3 Super App and Antivirus De.Fi broke down the attack in a Twitter thread.
According to De.Fi, the iearn yUSDT token was misconfigured to use Fulcrum $iUSDC instead of Fulcrum $iUSDT. The attacker used the vulnerability to mint 1.2 quadrillion $yUSDT from just $10,000, then cashed out the $yUSDT for other stablecoins.
De.Fi posted screenshots of the attacker’s two wallets, showing about $10 million in assets spread across $ETH, $aTUSD, $DAI and $USDC.
Latest News
8h : 56m ago
Thailand Explores Bitcoin Pilot Project in Phuket to Boost Tourism
10h : 56m ago
FLOKI DAO Proposes Launch of Europe-Based ETP on SIX Swiss Exchange
December 25, 2024
Binance's 63rd Launchpool Project: What is Bio Protocol (BIO)?
December 25, 2024
Crypto Adoption in South Korea Reaches Over 30% of the Population: Report
December 24, 2024
Binance Labs’ New Investment: What is Usual?
December 24, 2024
Crypto.com Launches U.S. Institutional Cryptocurrency Custody Service
December 23, 2024
Shiba Inu Ecosystem and Turbo Memecoin Adopt Cross-Chain Token Standard with Chainlink CCIP
December 23, 2024
VanEck Predicts Strategic Bitcoin Reserve Could Offset $42T of U.S. Debt by 2049