The decentralized lending protocol Yearn Finance was hacked, losing over $10 million in stablecoins.
DeFi protocol Yearn Finance lost more than $10 million in various stablecoins due to a misconfiguration of one of the tokenized stablecoins. About it on Twitter reported PeckShield analysts. According to counting Lookonchain, the hackers withdrew $3M in DAI, over $2.5M in USDC, nearly $1.8M in BUSD, $1.5M in TUSD, and $1.1M in USDT.
According to PeckShield, an attacker exploited a vulnerability in the yUSDT smart contract to issue over one quadrillion tokenized yUSDT stablecoins using $10,000 in USDT.
Subsequently, the issued stablecoins were converted into other assets for withdrawal from the contract. To attack, the attacker deposited the USDT stablecoin through the Tornado Cash sub-sanctioned mixer to make it difficult to trace. Representatives of Yearn Finance confirmed hacking, however, noted that the vulnerability does not apply to later versions of the protocol.
Researcher at venture capital firm Paradigm alias @samczsun believesthat the protocol has been vulnerable since the early days of launch (more than three years ago). It is assumed that the project developers have specified an incorrect address for tracking the collateral of the yUSDT stablecoin (the iUSDC address was tracked instead of the paired iUSDT token).
The previously decentralized platform Terraport Finance, built on the Terra Classic blockchain, also suffered from a hack. Project representatives reportedthat the hacker emptied all the pools and withdrew digital assets worth about $2 million from the site, and then transferred them to Binance and MEXC Global.
Stay in touch! Subscribe to bitcoinlinux.com at Telegram.
