DeFi

Yearn Finance Hack Due To Vulnerabilities In yUSDT Contract, Bugs Still Not Fixed

Key Points:

  • Yearn Finance, for the first time, disclosed that the cause of the hack was due to existing vulnerabilities in the smart contract of the yUSDT token.
  • The bug is still not fixed, so liquidity providers that send LP tokens to downstream protocols are still affected.
  • Yearn has stated that the current version, Yearn v2 Vaults, is unaffected.
Yearn Finance announced the progress of the attack investigation. It said that the root cause of the attack on Yearn was due to residual vulnerabilities in the iEarn USDT (yUSDT) token contract.

The team also said the bug exists in multiple versions and causes many Curve pools (y, busd, pax) to be exploited and exhausted. Currently, the vulnerabilities have not been fixed.

Liquidity providers depositing LP tokens into downstream protocols are still affected, this includes users of the Yearn v2(2) and legacy v1(2) vaults packing the LPs affected by this. In an earlier tweet, Yearn stated that the current version, Yearn v2 Vaults, is unaffected.

As mentioned earlier, a suspicious transaction was detected by Peckshield (DeFi technical testing unit). Two related names are Yearn Finance and Aave, veteran projects in the decentralized financial market.

Suspicious transactions. Source: Peckchield Inc.

Initial feedback revealed this was a flash loan assault on Yearn Finance using money obtained through Ave. However, many consumers are also worried that Aave may be impacted if any odd actions are made in relation to this loan product. Aave-related transactions are Repay transactions, which repay the product’s Core V1 pool.

“We’re looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols. iearn is an immutable contract predating YFI, it was deprecated in 2020.”

This protocol said.

Reports also indicate that $10 million has been extracted from Yearn Finance, located in a wallet with the address “0x16A…74A5”. At the time of the attack, the YFI token had dropped to less than $9,000. The YFI token’s price has been adjusted to the original level.

24h YFI price chart. Source: CoinMarketCap

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News

Andy

Share
Published by
Andy
Tags: # CryptocurrenciescryptohackYearn FinanceYFIyUSDT
1 year ago

Recent Posts

BlackRock Bitcoin ETF Surges with $1.1 Billion Trading Volume Today!

BlackRock Bitcoin ETF startled the financial markets, with $1.1 billion of trading volume said to…

31 mins ago

VanEck’s spot Ethereum ETFs Poised for Launch Amid Fee Battles!

Spot Ethereum ETFs may start trading any day now.

1 hour ago

Binance.US in Washington Will Suspend Services on August 20

Binance.US in Washington will halt operations on August 20, 2024, due to regulatory issues.

2 hours ago

Spot Ethereum ETF Approval Is Now Progressing Smoothly, SEC Chair Says

SEC Chair Gary Gensler stated that the spot Ethereum ETF approval is progressing smoothly.

3 hours ago

Minutes Network closes in on its first 1.2 billion users with Smart Energy Water

London, United Kingdom, 25th June 2024, Chainwire

9 hours ago

GolfN Tees Up Play-to-Earn Golf Following $1.3M Pre-Seed Raise

Chicago, United States, 25th June 2024, Chainwire

10 hours ago

This website uses cookies.