The Yearn Finance V2 Vault Does Not Appear To Be Affected By The Attack

April 13, 2023 - Around 2 mins mins to read

Key Points:

An attack using a defect in a Yearn Finance token leads to millions of dollars in damages.
However, Yearn V2 was not affected by the attack.
Aave also confirmed that there was no damage.

As Coincu reported, the DeFi protocols Aave and Yearn Finance are under assault from a flash loan attack.

The Yearn Finance V2 Vault Does Not Appear To Be Affected By The Attack

Yearn Finance reposted protocol creator @storming0x’s tweet, in which he indicated that the presently known flaws do not seem to be connected to the Yearn heritage protocol and liquidity pool, which were introduced in 2020. Yearn v2 Insurance Libraries seem to be unaffected, and Yearn contributors are looking into it.

We are aware of an issue that seems isolated to the iearn legacy protocol launched in 2020 and liquidity pool.

Yearn v2 vaults seem not to be impacted.

Yearn contributors are investigating.

Further comms to follow on main account. https://t.co/CKddWwjFj8
— Storm Blessed 0x (@storming0x) April 13, 2023

A bug in a token released by the decentralized finance (DeFi) system Yearn Finance was exploited this morning, according to security company PeckShield, resulting in millions of dollars in damages.

We need to clarify that the root cause is due to misconfigured yUSDT, not related to @AaveAave. https://t.co/XjI9UhbOZf
— PeckShield Inc. (@peckshield) April 13, 2023

Samczsun, a pseudonymous crypto researcher, stated that Yearn Finance’s version of USDT, known as yUSDT, has been broken since it was launched three years ago. He said that it had been misconfigured to utilize the Fulcrum iUSDC token rather than the Fulcrum iUSDT token.

It seems like the iearn USDT token (yUSDT) has been broken since deploy, which was *checks notes* over 1000 days ago. It was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.https://t.co/FMtjACkGNz pic.twitter.com/dxW9E0ndF1
— samczsun (@samczsun) April 13, 2023

This was confirmed by PeckShield. According to the report, the fundamental problem seems to be a misconfigured yUSDT. This was used to create 1.2 quadrillion yUSDT from just $10,000. This was then converted into cash by exchanging it for other stablecoins.

It appears the root cause is due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. The huge yUSDT is then cashed out by swapping to other stable coins. https://t.co/Qz3vwtbcot pic.twitter.com/xlsc2Nlmle
— PeckShield Inc. (@peckshield) April 13, 2023

Moreover, Yearn Finance has suffered a loss of around $11.6 million as a result of today’s assault.

#PeckShieldAlert #PeckShieldAlert The exploiter has grabbed ~$11.6M worth of stables, including 61K $USDP, 1.5M $TUSD, ~1.79M $BUSD, ~1.2M $USDT, ~2.58M $USDC and 3M $DAI
They supplied 1.5M $TUSD to #AAVE, and borrowed 634 $ETH from #AAVE https://t.co/fSD0UlhCi6
And then swapped… pic.twitter.com/HW2lPplxTw
— PeckShieldAlert (@PeckShieldAlert) April 13, 2023

The exploit was initially considered to target Aave V1. Nevertheless, Aave developers said that the protocol was unaffected and that it was only utilized to transfer tokens in order to carry out the hack, which primarily included Yearn Finance’s yUSD stablecoin. Aave said in a tweet that the assault had no effect on Aave V1, V2, or V3.

We are aware of this transaction, and it did not have an impact on Aave V2 and Aave V3.

We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol which has been frozen. We're monitoring the situation closely to ensure no further concerns. https://t.co/uM9wtLNJMl
— Aave Labs (@aave) April 13, 2023

The assault on Aave and Yearn follows the SushiSwap exploit, which resulted in the loss of $3.3 million in assets last week.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Scam Alert

The Yearn Finance V2 Vault Does Not Appear To Be Affected By The Attack

Key Points:

An attack using a defect in a Yearn Finance token leads to millions of dollars in damages.
However, Yearn V2 was not affected by the attack.
Aave also confirmed that there was no damage.

As Coincu reported, the DeFi protocols Aave and Yearn Finance are under assault from a flash loan attack.

We are aware of an issue that seems isolated to the iearn legacy protocol launched in 2020 and liquidity pool.

Yearn v2 vaults seem not to be impacted.

Yearn contributors are investigating.

Further comms to follow on main account. https://t.co/CKddWwjFj8
— Storm Blessed 0x (@storming0x) April 13, 2023

A bug in a token released by the decentralized finance (DeFi) system Yearn Finance was exploited this morning, according to security company PeckShield, resulting in millions of dollars in damages.

We need to clarify that the root cause is due to misconfigured yUSDT, not related to @AaveAave. https://t.co/XjI9UhbOZf
— PeckShield Inc. (@peckshield) April 13, 2023

It seems like the iearn USDT token (yUSDT) has been broken since deploy, which was *checks notes* over 1000 days ago. It was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.https://t.co/FMtjACkGNz pic.twitter.com/dxW9E0ndF1
— samczsun (@samczsun) April 13, 2023

It appears the root cause is due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. The huge yUSDT is then cashed out by swapping to other stable coins. https://t.co/Qz3vwtbcot pic.twitter.com/xlsc2Nlmle
— PeckShield Inc. (@peckshield) April 13, 2023

Moreover, Yearn Finance has suffered a loss of around $11.6 million as a result of today’s assault.

#PeckShieldAlert #PeckShieldAlert The exploiter has grabbed ~$11.6M worth of stables, including 61K $USDP, 1.5M $TUSD, ~1.79M $BUSD, ~1.2M $USDT, ~2.58M $USDC and 3M $DAI
They supplied 1.5M $TUSD to #AAVE, and borrowed 634 $ETH from #AAVE https://t.co/fSD0UlhCi6
And then swapped… pic.twitter.com/HW2lPplxTw
— PeckShieldAlert (@PeckShieldAlert) April 13, 2023

We are aware of this transaction, and it did not have an impact on Aave V2 and Aave V3.

We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol which has been frozen. We're monitoring the situation closely to ensure no further concerns. https://t.co/uM9wtLNJMl
— Aave Labs (@aave) April 13, 2023

The assault on Aave and Yearn follows the SushiSwap exploit, which resulted in the loss of $3.3 million in assets last week.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Visited 50 times, 1 visit(s) today

Sign up for Newsletter

The Yearn Finance V2 Vault Does Not Appear To Be Affected By The Attack

As Coincu reported, the DeFi protocols Aave and Yearn Finance are under assault from a flash loan attack.

Author

Related Posts

As Coincu reported, the DeFi protocols Aave and Yearn Finance are under assault from a flash loan attack.

Other Posts

Related Posts

Latest

Gate.io Celebrates 11th Anniversary with Prize Activities and Vision for the Future

Philippines Fintech Revolution Summit

Crypto Usage at US Online Casinos in 2024

TOP Casino Projects

Press Release

Gate.io Celebrates 11th Anniversary with Prize Activities and Vision for the Future

Philippines Fintech Revolution Summit

Multipool Partners with BSO Enabling Ultra-fast Low Latency Trading

News

Social

Read More

Partners