Yearn Finance Hack: Exploiter Steals Millions In Flash Loan Attack

Key Points:

• Attackers exploited a bug in the misconfigured yUSDT token to mint a large amount of yUSDT from a small amount of USDT, which was then swapped for other stablecoins.
• The total value of the stolen stablecoins was approximately $11.6 million USD, including $USDP, $TUSD, $BUSD, $USDT, $USDC, and $DAI.

The Yearn Finance project, a decentralized finance (DeFi) platform, has reportedly been attacked by flash loans resulting in hackers profiting more than 10 million US dollars.

The attackers took advantage of a bug in the misconfigured yUSDT token to mint a large amount of yUSDT from a small amount of USDT. The total value of the stolen stablecoins was approximately $11.6 million USD.

According to PeckShield and Beosin EagleEye, two blockchain security and data analytics companies, all hacker addresses have been identified, and the flow of funds is being monitored.

According to Lookonchain, the exploit attacked the Yearn Finance project and made off with over $10 million in stablecoins, including:

• 3,032,142 DAI,
• 2,579,483 USDC,
• 1,785,091 BUSD,
• 1,512,528 TUSD,
• 1,193,756 USDT.

Additionally, the yUSDT token in Yearn Finance has reportedly been misconfigured since its deployment over 1000 days ago, according to Samzcsun. Instead of using the Fulcrum iUSDT token, it was using the Fulcrum iUSDC token. This misconfiguration has caused the token to break.

As of now, PeckShield has revealed that the hacker exploits a bug in the misconfigured yUSDT. The attack was carried out by using a bug in the misconfigured yUSDT token to mint an extremely large amount of yUSDT from a small amount of USDT, which was then swapped for other stablecoins.

The total value of the stolen stablecoins was approximately $11.6 million USD, including $USDP, $TUSD, $BUSD, $USDT, $USDC, and $DAI. The exploiter supplied 1.5 million TUSD to AAVE and borrowed 634 ETH from AAVE. They also swapped part of the stolen stablecoins for approximately 600 ETH. The exploiter transferred 1,000 ETH into Tornado Cash.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Thana

Coincu News