News of the hack caused the Yearn’s native currency YFI to fall by around 15%, from $35,000 to just under $30,000
On February 5, Yearn Finance confirmed that their V1 yDAI vault has been exploited by a hacker. The DAI vault lost $11M with the hacker making away with $2.8M of this. Yearn has in the last few hours reassured the community that the attack has been mitigated with a full report to follow.
The attack on the Yearn Finance vault was confirmed by Banteg from the Yearn team who posted on Discord. Banteg’s analysis showed that the attacker made away with 513,000 DAI and $1.7 million USDT.
The post reads:
“Attacker got away with 2.8m, dai vault lost 11.1m.”
Deposits of V1 DAI, TUSD, USDT, and USDC remain suspended while the team draws a full picture of the event.
It has thus far been confirmed that the attacker exploited the Aave flash loan protocol to drain the vault. This, according to Aave founder Stani Kulechov, required an intrinsic process that involved more than 160 transactions across multiple Defi platforms and a total cost on gas fees of over $5,000. It’s also been curious that of the drained funds, $3M was deposited in Defi lending platform Curve.
Kulechov, speaking to Coindesk, has also noted that the avenue exploited by the hacker was well known to him. He also confirmed that he had further the same with Yearn’s team. He said:
“That’s a well-known issue (one could have it with Uniswap, too, however, Uniswap is not so popular for yield farming). I’ve expressed my thoughts to yearn team on how this could have been prevented (and similar vulnerabilities, too). But honestly, I didn’t expect them to have such a mistake in the code, that was a surprise to me.”
It is also important to note that the vault attacked was only a few days ago updated to a new investment strategy. The same update could have offered the widow needed by the attacker.
News of the hack, temporarily saw Yearn’s native currency YFI fall by around 15%, from $35,000 to just under $30,000. However, with the severity of the situation looking minimal, the token has been recording a nice rebound.
Yearn Finance is one of the biggest DeFi platforms with a total of over $500M locked. Since the news emerged, there has only been a 4% decrease in these funds. A majority of investors will be far keener on the full report and how the team will respond and prevent future attacks. A quick and efficient response will be welcome and prices will continue rebounding, with uncertainty and hesitation spelling doom for the project.
