yearn.finance Reveals Details on Hack That Triggered $11 Million Loss

Free Bitcoins: FreeBitcoin | BonusBitcoin

Coins Kaufen: Bitcoin.deAnycoinDirektCoinbaseCoinMama (mit Kreditkarte)Paxfull

Handelsplätze / Börsen: Bitcoin.de | KuCoinBinanceBitMexBitpandaeToro

Lending / Zinsen erhalten: Celsius NetworkCoinlend (Bot)

Cloud Mining: HashflareGenesis MiningIQ Mining


Decentralized finance (DeFi) yield aggregator yearn.finance (YFI) reveals the details of a hacking incident that caused a total loss of $11 million to the network.

According to Yearn’s vulnerability disclosure posted on GitHub Thursday, yearn.finance creator Andre Cronje noticed odd patterns in a contract interacting with the platform’s vaults at 21:45 UTC on February 4th.

Upon further examination, the complex and concerning transaction turned out to be an active exploit of the v1 yDAI vault.

Yearn says the attacker caused the compromised vault to deposit and withdraw funds from the automated market maker (AMM) Curve’s 3pool at unfavorable rates.

“At a high level, the exploiter was able to profit through the following steps:

Debalance the exchange rate between stablecoins in Curve’s 3CRV pool.
Make the yDAI vault deposit into the pool at an unfavorable exchange rate.
Reverse the imbalance caused in step 1.”

The security team mitigated the exploit in 11 minutes. Yearn says the quick response saved 24 million of the vault’s 35 million DAI under management.

Despite the team’s quick work, yearn.finance developer banteg says the attacker managed to get away with some deposited funds in the pool.

As for the cause of the attack, yearn.finance reports that a confluence of three factors led to the vulnerability.

“[First], the hacked vault’s slippage protection was set too loose at 1%. [Second], the normal 0.5% withdrawal fee was set to 0%, to encourage migrations to v2 vaults without incurring costs. [And third], this being a v1 vault, the exploiter was able to call earn() and push deposits into the vault’s strategy at will.”

Don’t Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inbox

Follow us on Twitter, Facebook and Telegram

Check Latest News Headlines


Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Tithi Luadthong



Free Bitcoins: FreeBitcoin | BonusBitcoin

Coins Kaufen: Bitcoin.deAnycoinDirektCoinbaseCoinMama (mit Kreditkarte)Paxfull

Handelsplätze / Börsen: Bitcoin.de | KuCoinBinanceBitMexBitpandaeToro

Lending / Zinsen erhalten: Celsius NetworkCoinlend (Bot)

Cloud Mining: HashflareGenesis MiningIQ Mining

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close