Security

Yearn Finance Hack Due To Vulnerabilities In yUSDT Contract, Bugs Still Not Fixed

The team also said the bug exists in multiple versions and causes many Curve pools (y, busd, pax) to be exploited and exhausted. Currently, the vulnerabilities have not been fixed.

As previously pointed out, the root cause of this morning’s iEarn exploit was a bug in the legacy iEarn USDT (yUSDT) token contract.

This bug persisted in several versions and led to multiple Curve pools (y, busd, pax) being exploited and drained. Liquidity providers who…

— yearn (@iearnfinance) April 13, 2023

Liquidity providers depositing LP tokens into downstream protocols are still affected, this includes users of the Yearn v2(2) and legacy v1(2) vaults packing the LPs affected by this. In an earlier tweet, Yearn stated that the current version, Yearn v2 Vaults, is unaffected.

As mentioned earlier, a suspicious transaction was detected by Peckshield (DeFi technical testing unit). Two related names are Yearn Finance and Aave, veteran projects in the decentralized financial market.

Suspicious transactions. Source: Peckchield Inc.

Initial feedback revealed this was a flash loan assault on Yearn Finance using money obtained through Ave. However, many consumers are also worried that Aave may be impacted if any odd actions are made in relation to this loan product. Aave-related transactions are Repay transactions, which repay the product’s Core V1 pool.

“We’re looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols. iearn is an immutable contract predating YFI, it was deprecated in 2020.”

This protocol said.

Reports also indicate that $10 million has been extracted from Yearn Finance, located in a wallet with the address “0x16A…74A5”. At the time of the attack, the YFI token had dropped to less than $9,000. The YFI token’s price has been adjusted to the original level.

24h YFI price chart. Source: CoinMarketCap

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

   

Source

Click to rate this post!
[Total: 0 Average: 0]
Показать больше

Добавить комментарий