An early version of the DeFi protocol Yearn Finance, known as iearn, experienced an exploit today, resulting in a loss of $11.6 million, reported PeckShield.
The attacker obtained a variety of stablecoins, including DAI/USD, USDC/USD, BUSD/USD, TUSD/USD, and USDT/USD, according to LookOnChain.
Crypto researcher Samczsun, who operates under a pseudonym, alleged that Yearn Finance's yUSDT version has been faulty since its launch approximately three years ago, The Block reported.
He explained that it was "misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token."
PeckShield supported this claim, stating that the primary issue appears to be the improperly configured yUSDT.
The attacker exploited this misconfiguration to create 1.2 quadrillion yUSDT from a mere $10,000 investment, later converting it into other stablecoins.
Also Read: Bitcoin Skyrockets To $30,000: Experts Predict A Crypto Revolution On The Horizon
Yearn Finance contributor Storm Blessed 0x acknowledged the situation on Twitter, saying, "We are aware of an issue that seems isolated to the iearn legacy protocol launched in 2020 and liquidity pool."
"Yearn v2 vaults seem not to be impacted. Yearn contributors are investigating."
Aave V1 was involved but not exploited The Aave V1 protocol was utilized in the attack for a series of swaps, however, the Aave team confirmed that their protocol was not exploited.
Aave CEO Stani Kulechov tweeted, "We can confirm that Aave V1 was not impacted."
PeckShield added, "We need to clarify that the root cause is due to misconfigured yUSDT, not related to Aave."
Read Next: Shanghai Update Imminent: All You Need To Know About Major Ethereum Upgrade Set For Deployment
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.