• A bug in Yearn Finance’s yUSD stablecoin was impacted in an exploit this morning, leading to millions of dollars in losses.
• The exploiter was able to steal millions of U.S. dollar-pegged stablecoins.
• Aave version 1 was initially thought to be affected by the exploit, but developers said that the protocol was unaffected and merely used as a token swap for the exploit.
Exploit Affects Yearn Finance
Early this morning, security firm PeckShield tweeted that a bug in a token issued by decentralized finance (DeFi) protocol Yearn Finance was impacted in an exploit, leading to millions of dollars in losses. The losses could total over $11 million and were spread across U.S. dollar-pegged stablecoins dai (DAI), tether (USDT), USD coin (USDC), Binance USD (BUSD) and tru USD (TUSD).
Aave Version 1 Unaffected
Aave version 1 was initially thought to be affected by the exploit, but Aave developers said that the protocol was unaffected and merely used as a token swap for the exploit which mainly involved Yearn’s yUSD stablecoin. PeckShield clarified that the root cause is due to misconfigured yUSDT, not related to Aave.
Exploiter Mints Over 1 Quadrillion yUSDT
PeckShield reported that exploiters were able to mint over 1.2 quadrillion yUSDT using a $10,000 initial deposit, which they then used to trick the Yearn Finance protocol into eventually cashing out millions of dollars in stablecoins.
Impact Limited To Version 1
Marc Zeller from Aave-Chan initiative and former Aave integration lead clarified that v1 has been frozen since December 2022; therefore its impact on the protocol is limited as its current size is only $18 million with the current size of Aave’s safety module at $382 million. Version 2 and 3 of Aave were not impacted at writing time according to Zeller’s tweets at time of writing..
Takeaways
This incident serves as a reminder for users and developers alike to always stay vigilant against potential exploits and bugs; it also highlights how quickly these issues can arise when using DeFi protocols like Yearn Finance or other financial services offered by blockchain networks such as Ethereum’s smart contracts..