- Aave Version 1 and DeFi Yearn Finance are the latest protocols to have been exploited as of late.
- An attack affected a bug in a token issued by Yearn Finance, resulting in millions of dollars in damages.
- According to Aave engineers, version 1 of the protocol was unaffected and was only used to transfer tokens.
- Using a $10,000 initial investment, exploiters were able to mint over 1.2 quadrillion yUSDT, and eventually exchange them for millions in stablecoins.
Aave Version 1 and Yearn Finance are the most recent protocols that exploiters have targeted in the ongoing DeFi breaches, according to blockchain security company PeckShield.
PeckShield reported this morning that an attack affected a bug in a token issued by the DeFi protocol, Yearn Finance, resulting in millions of dollars in damages.
Findings indicated that this exploit took place on Aave version 1, and may have led to the theft of about $11 million.
The attack this week was distributed across several USD-pegged stablecoins namely: Tru USD (TUSD), Dai (DAI), tether (USDT), USD Coin (USDC), and Binance USD (BUSD).
1.2 Quadrillion yUSDT Minted
The exploit was formerly believed to impact Aave V1. However, the vulnerability mainly targeted Yearn Finance’s yUSD stablecoin, according to Aave engineers, who claimed that the protocol was unaffected and was only used to transfer tokens.
Following the original flag, PeckShield tweeted, “We need to clarify that the main reason is due to misconfigured yUSDT, and not connected to Aave.
Using a $10,000 initial investment, PeckShield explained that exploiters were able to mint over 1.2 quadrillion yUSDT (1,200,000,000,000,000 yUSDT) in the early Asian hours.
These tokens were then used to exploit the Yearn Finance system and eventually be exchanged for millions in stablecoins.
In another tweet, Aave integrations head Marc Zeller stated that version 1 of the protocol had been “locked since December 2022,” thus, the damage was minimal.
According to Zeller, the current sizes of V1 and the Aave safety module are $18 million and $382.50 million, respectively. Versions 2 and 3 of Aave were also unaffected at the time of writing, he said in a second tweet.
Yearn Calms Users After An Exploit
Yearn Finance’s team issued a statement in response to the most recent development to reassure its subscribers.
We’re investigating a problem with an old contract from before Vaults v1 and v2, called iearn. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols, the protocol tweeted.
The protocol said that its team is still looking into the matter.
This most recent exploit was launched about two months after Yearn Finance joined forces with many prominent DeFi protocols to promote decentralization and started a Twitter campaign with more than 30 projects.
The campaign’s participants included Yearn Finance, Element, CoW Swap, Balancer, Aura Finance, Euler, Gearbox, Dopex, Pods, Opyn, SushiSwap, DegenScore, MakerDAO, Stake DAO, Zerion, Ajna, Aave, Oasis.app, and Pods Finance.
“Decentralized finance is seeing a unique development,” says Draper, chief marketing officer of Yearn Finance.
“This campaign highlights how DeFi differs from the systems it aims to replace, and it does it in a way that could only be effective in that sector. We hope it will serve as yet another reminder that, in the aftermath of CeFi blow-ups, DeFi stands apart not only via its technological composability but also its shared ideals.”
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.