skip to Main Content
bitcoin
Bitcoin (BTC) $ 75,982.36 0.24%
vested-xor
Vested XOR (VXOR) $ 3,405.08 99,999.99%
ethereum
Ethereum (ETH) $ 2,916.38 2.79%
tether
Tether (USDT) $ 0.999967 0.16%
solana
Solana (SOL) $ 198.81 2.82%
bnb
BNB (BNB) $ 593.53 0.66%
usd-coin
USDC (USDC) $ 0.999163 0.12%
xrp
XRP (XRP) $ 0.549513 0.26%
dogecoin
Dogecoin (DOGE) $ 0.194799 0.87%
staked-ether
Lido Staked Ether (STETH) $ 2,917.65 2.69%

Hacker mints 1 quadrillion yUSDT after exploiting old Yearn.finance contract

The hacker has already transferred 1,000 Ether ($2 million) to the crypto mixer Tornado Cash.

970 Total views

13 Total shares

Hacker mints 1 quadrillion yUSDT after exploiting old Yearn.finance contract

Own this piece of history

Collect this article as an NFT

Blockchain security firm PeckShield recently detected a hack that allowed the attacker to mint over 1 quadrillion Yearn Tether (yUSDT) from $10,000 in the latest decentralized finance (DeFi) exploit. 

According to the security firm, the hacker then swapped the yUSDT to other stablecoins, allowing them to take hold of $11.6 million worth of stablecoins. This includes 61,000 Pax Dollar (USDP), 1.5 million TrueUSD (TUSD), 1.79 million Binance USD (BUSD), 1.2 million Tether (USDT), 2.58 million USD Coin (USDC) and 3 million Dai (DAI).

PeckShield illustrates the flow of funds from the attack. Source: PeckShield

PeckShield said that the hacker has already managed to transfer 1,000 Ether (ETH), currently worth almost $2 million, to the sanctioned cryptocurrency mixer Tornado Cash. The blockchain security company also flagged the DeFi protocols Aave and Yearn.finance to inform them of what was transpiring. 

Related: Sentiment recovers $870K after negotiations with hacker

After initial checks, lending platform Yearn.finance made a statement, saying the issue was limited to iearn, an outdated contract before vaults v1 and v2. The DeFi protocol stated that the current Yearn.finance contracts and protocols are not affected by the exploit.

We’re looking into an issue with iearn, an outdated contract from before Vaults v1 and v2.

This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols.

iearn is an immutable contract predating YFI, it was deprecated in 2020.

Vaults v1, with…

— yearn (@iearnfinance) April 13, 2023

Meanwhile, Aave also said they are aware of the transaction. The liquidity protocol recently confirmed that the hack did not impact Aave v1, v2 or v3. 

While hacks still plague the DeFi space in 2023, the amount of money lost to hacks has been lower compared to the previous years. According to the quarterly report of blockchain security firm CertiK, more than $320 million were lost to hacks in the first quarter of 2023. The losses were a lot lower compared to 2022’s first quarter where $1.3 billion were lost and the fourth quarter when $950 million were lost to hacks.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime

Loading data ...
Comparison
View chart compare
View table compare
Back To Top