Yearn Finance victim of a flash loan exploit: Blockchain security firm alerts DeFi protocol

|ByEkta Mourya

  • DeFi aggregator Yearn Finance is suspected of falling victim to a flash loan exploit, losses currently exceeding $10 million. 
  • Blockchain security firm PeckShield Inc identified the exploit and noted that the attacker targeted yUSDT. 
  • AAVE confirmed that its Version 1 that is frozen since December 2022 is not affected by the attack.

Yearn Finance, a DeFi aggregator protocol, suffered an exploit. PeckShield, a blockchain security firm, identified the exploit and notified the DeFi protocols.

Also read: Ethereum successfully completes first $32 million in ETH withdrawals, keeps selling pressure at bay

Yearn Finance suffers flash loan exploit

DeFi protocol Yearn Finance was targeted by a hacker in a flash loan exploit. A flash loan is a kind of unsecured loan offered by AAVE, it allows users to borrow as much as they want without a collateral. 

The user utilizes the borrowed funds and repays the debt to the protocol, in time, else the transaction is revered. Flash loan attacks are executed by attackers that have access to collateral, and access to a liquidity pool through which they manipulate the blockchain. 

Details of the exploit

PeckShield, a blockchain security firm, explained that the root cause of the flash loan exploit was a massive mint of yUSDT from a $10,000 USDT collateral. 1,252,660,242,212,927 yUSDT was minted using $10,000 USDT and the yUSDT tokens were then cashed out by swapping to stable coins. 

Flash loan exploit 

The DeFi aggregator Yearn Finance is yet to comment on the incident. In the meanwhile AAVE confirmed that the attack had no impact on its Version 1, a chain that was frozen in December 2022, limiting the damages to $18 million, the Total Value Locked (TVL) of the chain. 

Yearn Finance flash loan exploit

Flash loan attacks on Cream Finance, Alpha Homora, dYdX, PancakeBunny 

DeFi protocols like Cream Finance, Alpha Homora, dYdX and PancakeBunny have suffered similar attacks between 2020 and 2022. Attackers attempted to steal Liquidity Provider tokens of Cream finance by a $19 million flash loan attack. The protocol has been routinely targeted by flash loan exploits. 

The exploit on dYdX was executed through two lending platforms, Compound and Fulcrum and the attacker borrowed WBTC, swapping it for Uniswap, paying back the dYdX protocol and keeping the ETH as spoils. 

PancakeBunny’s Bunny Protocol was the victim of a flash loan attack where approximately $45 million worth of tokens were stolen. 

Impact on AAVE and YFI prices

AAVE’s price is steady above $78, close to its 24-hour high, since the protocol confirmed that funds on its Version 1 were safe from the DeFi exploit. Aggregator Yearn Finance’s YFI nosedived nearly 5% from $9,375 to $8,938. 

The exploit is a developing story and more details are awaited. YFI price could plummet lower with updates on the exploit.

Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.

RELATED CONTENT

Loading ...

Copyright © 2024 FOREXSTREET S.L., All rights reserved.