Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the schema-and-structured-data-for-wp domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/theurbz4/public_html/wp-includes/functions.php on line 6114
yearn.finance Reveals Details on Hack That Triggered $11 Million Loss - The Urban Mine

The Urban Mine

Empowering Las Vegas with E-Waste

yearn.finance Reveals Details on Hack That Triggered $11 Million Loss

Decentralized finance (DeFi) yield aggregator yearn.finance (YFI) reveals the details of a hacking incident that caused a total loss of $11 million to the network.

According to Yearn’s vulnerability disclosure posted on GitHub Thursday, yearn.finance creator Andre Cronje noticed odd patterns in a contract interacting with the platform’s vaults at 21:45 UTC on February 4th.

Upon further examination, the complex and concerning transaction turned out to be an active exploit of the v1 yDAI vault.

Yearn says the attacker caused the compromised vault to deposit and withdraw funds from the automated market maker (AMM) Curve’s 3pool at unfavorable rates.

“At a high level, the exploiter was able to profit through the following steps:

Debalance the exchange rate between stablecoins in Curve’s 3CRV pool.
Make the yDAI vault deposit into the pool at an unfavorable exchange rate.
Reverse the imbalance caused in step 1.”

The security team mitigated the exploit in 11 minutes. Yearn says the quick response saved 24 million of the vault’s 35 million DAI under management.

Despite the team’s quick work, yearn.finance developer banteg says the attacker managed to get away with some deposited funds in the pool.

As for the cause of the attack, yearn.finance reports that a confluence of three factors led to the vulnerability.

“[First], the hacked vault’s slippage protection was set too loose at 1%. [Second], the normal 0.5% withdrawal fee was set to 0%, to encourage migrations to v2 vaults without incurring costs. [And third], this being a v1 vault, the exploiter was able to call earn() and push deposits into the vault’s strategy at will.”

Don’t Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inbox



Follow us on Twitter, Facebook and Telegram


Check Latest News Headlines




Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Tithi Luadthong

The post yearn.finance Reveals Details on Hack That Triggered $11 Million Loss appeared first on The Daily Hodl.

yearn.finance Reveals Details on Hack That Triggered $11 Million Loss

Leave a Reply

Scroll to top