News

Yearn Finance Hack: Exploiter Steals Millions In Flash Loan Attack

Key Points:

  • Attackers exploited a bug in the misconfigured yUSDT token to mint a large amount of yUSDT from a small amount of USDT, which was then swapped for other stablecoins.
  • The total value of the stolen stablecoins was approximately $11.6 million USD, including $USDP, $TUSD, $BUSD, $USDT, $USDC, and $DAI.
The Yearn Finance project, a decentralized finance (DeFi) platform, has reportedly been attacked by flash loans resulting in hackers profiting more than 10 million US dollars.

The attackers took advantage of a bug in the misconfigured yUSDT token to mint a large amount of yUSDT from a small amount of USDT. The total value of the stolen stablecoins was approximately $11.6 million USD.

According to PeckShield and Beosin EagleEye, two blockchain security and data analytics companies, all hacker addresses have been identified, and the flow of funds is being monitored.

According to Lookonchain, the exploit attacked the Yearn Finance project and made off with over $10 million in stablecoins, including:

  • 3,032,142 DAI,
  • 2,579,483 USDC,
  • 1,785,091 BUSD,
  • 1,512,528 TUSD,
  • 1,193,756 USDT.

Additionally, the yUSDT token in Yearn Finance has reportedly been misconfigured since its deployment over 1000 days ago, according to Samzcsun. Instead of using the Fulcrum iUSDT token, it was using the Fulcrum iUSDC token. This misconfiguration has caused the token to break.

As of now, PeckShield has revealed that the hacker exploits a bug in the misconfigured yUSDT. The attack was carried out by using a bug in the misconfigured yUSDT token to mint an extremely large amount of yUSDT from a small amount of USDT, which was then swapped for other stablecoins.

The total value of the stolen stablecoins was approximately $11.6 million USD, including $USDP, $TUSD, $BUSD, $USDT, $USDC, and $DAI. The exploiter supplied 1.5 million TUSD to AAVE and borrowed 634 ETH from AAVE. They also swapped part of the stolen stablecoins for approximately 600 ETH. The exploiter transferred 1,000 ETH into Tornado Cash.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Thana

Coincu News

Thana

I am a news editor at Coincu, where I produce daily editorial packages and manage the knowledge and review article sections. Before journalism, I earned a Bachelor's degree in Global Logistics and Supply Chain Management from Northampton University and studied news journalism at Press Association Training.

Recent Posts

Bybit Proof Of Reserve Shows Changes In BTC, ETH, And USDT

Bybit Proof of Reserve reveals BTC holdings at 50,412 (-8.55%), ETH at 525,641 (+8.11%), and…

2 hours ago

Bitcoin Spot ETF Inflows Reach $449M With BlackRock Leading

Key Points: Bitcoin Spot ETF Inflows totaled $449M, led by BlackRock’s $1.45B contribution. Ethereum Spot…

3 hours ago

Best New Meme Coins to Join for 2025: BTFD Coin Leads, Popcat Keeps It Purr-fect, and Non-Playable Coin Hits Gamers Hard

Discover the Best New Meme Coins to Join for 2025. BTFD Coin's price rollback offers…

4 hours ago

Solana memecoins crash while DTX Exchange hits 100,000 TPS on layer-1 blockchain

Discover how DTX Exchange's historic achievement of 100,000 transactions per second on a layer-1 blockchain…

5 hours ago

Strategic Bitcoin Reserve Expected to Cut 35% of US National Debt by 2049

VanEck suggests the U.S. could reduce its national debt by 35% by 2050 through a…

5 hours ago

The New Lead of Presidential Crypto Council Appointed by Trump Is Bo Hines

President-elect Donald Trump named Bo Hines as the executive director of the presidential crypto council.

5 hours ago

This website uses cookies.