News

Yearn Finance Hack: Exploiter Steals Millions In Flash Loan Attack

Key Points:

  • Attackers exploited a bug in the misconfigured yUSDT token to mint a large amount of yUSDT from a small amount of USDT, which was then swapped for other stablecoins.
  • The total value of the stolen stablecoins was approximately $11.6 million USD, including $USDP, $TUSD, $BUSD, $USDT, $USDC, and $DAI.
The Yearn Finance project, a decentralized finance (DeFi) platform, has reportedly been attacked by flash loans resulting in hackers profiting more than 10 million US dollars.

The attackers took advantage of a bug in the misconfigured yUSDT token to mint a large amount of yUSDT from a small amount of USDT. The total value of the stolen stablecoins was approximately $11.6 million USD.

According to PeckShield and Beosin EagleEye, two blockchain security and data analytics companies, all hacker addresses have been identified, and the flow of funds is being monitored.

According to Lookonchain, the exploit attacked the Yearn Finance project and made off with over $10 million in stablecoins, including:

  • 3,032,142 DAI,
  • 2,579,483 USDC,
  • 1,785,091 BUSD,
  • 1,512,528 TUSD,
  • 1,193,756 USDT.

Additionally, the yUSDT token in Yearn Finance has reportedly been misconfigured since its deployment over 1000 days ago, according to Samzcsun. Instead of using the Fulcrum iUSDT token, it was using the Fulcrum iUSDC token. This misconfiguration has caused the token to break.

As of now, PeckShield has revealed that the hacker exploits a bug in the misconfigured yUSDT. The attack was carried out by using a bug in the misconfigured yUSDT token to mint an extremely large amount of yUSDT from a small amount of USDT, which was then swapped for other stablecoins.

The total value of the stolen stablecoins was approximately $11.6 million USD, including $USDP, $TUSD, $BUSD, $USDT, $USDC, and $DAI. The exploiter supplied 1.5 million TUSD to AAVE and borrowed 634 ETH from AAVE. They also swapped part of the stolen stablecoins for approximately 600 ETH. The exploiter transferred 1,000 ETH into Tornado Cash.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Thana

Coincu News

Thana

I am a news editor at Coincu, where I produce daily editorial packages and manage the knowledge and review article sections. Before journalism, I earned a Bachelor's degree in Global Logistics and Supply Chain Management from Northampton University and studied news journalism at Press Association Training.

Recent Posts

Crypto PAC Fairshake Continues to Boost 2026 Election With Support from a16z

a16z and Coinbase have pledged substantial funds to crypto PAC Fairshake, aiming to support crypto-friendly…

46 mins ago

Bitcoin, Ethereum, And Solana Lead Crypto Market, But Not For Long With New AI Altcoin With 30,000% Potential, Expert Says

Bitcoin (BTC), Ethereum (ETH), and Solana (SOL) dominate the crypto market, but experts warn that…

4 hours ago

Dogecoin Price Prediction: Will DOGE Ever Hit $0.7 Again? Why ETFSwap (ETFS) Is The Best Alternative For 100x Gains

Discover the future as the Dogecoin price aims for a $0.7 comeback and discover why…

7 hours ago

Step into BlockDAG’s Presale Frenzy This November: Secure a Massive 100% Bonus with BDAG100!

November is the perfect time for BlockDAG's huge presale. Use BDAG100 to double your purchase.…

9 hours ago

This website uses cookies.