ETH
by BSC News
April 13, 2023
Aave said the exploit did not impact any version of its protocol, while Yearn Finance said current protocols were safe.
A hacker exploited a vulnerability in an “outdated” iearn stablecoin to drain $10 million in liquidity from Yearn Finance and Aave Protocol. Following the attack, both Yearn and Aave assured users that current versions of their protocols were not impacted by the exploit.
"We're looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols," Yearn tweeted.
Yearn said the exploited contract was deprecated in 2020.
AaveAave said the vulnerability to did not impact any version of its protocol.
The Security Department of Web3 Super App and Antivirus De.Fi broke down the attack in a Twitter thread.
According to De.Fi, the iearn yUSDT token was misconfigured to use Fulcrum $iUSDC instead of Fulcrum $iUSDT. The attacker used the vulnerability to mint 1.2 quadrillion $yUSDT from just $10,000, then cashed out the $yUSDT for other stablecoins.
De.Fi posted screenshots of the attacker’s two wallets, showing about $10 million in assets spread across $ETH, $aTUSD, $DAI and $USDC.
Related News
Latest News
April 27, 2024
Weekly Article Recap: 4/22-4/26
April 26, 2024
Terraform Labs to Restrict Access for US Users Amid SEC Legal Battle
April 26, 2024
Can Chinese Investors Buy Hong Kong's New BTC and ETH ETFs?
April 26, 2024
World's largest Asset Custodian Bank, BNY Mellon Holds Bitcoin ETFs: Report
April 26, 2024
SEC Files $5.6M Lawsuit Against Geosyn Bitcoin Miner For Fraud
April 25, 2024
Nigeria Appoints Pro-Crypto Leader to Head SEC
April 25, 2024
BNB Chain Shows Strong Growth in Q1, 2024 Report: Key Details
April 25, 2024
Ethereum Spot ETFs Is Likely to Face SEC Denial in May: Reports
More News