{"id":77138,"date":"2023-04-13T12:23:50","date_gmt":"2023-04-13T09:23:50","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=77138"},"modified":"2025-09-10T21:37:23","modified_gmt":"2025-09-10T18:37:23","slug":"hacker-drains-11-6m-from-yearn-finance-defi-protocol","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-drains-11-6m-from-yearn-finance-defi-protocol\/","title":{"rendered":"Hacker drains $11.6m from Yearn Finance DeFi protocol"},"content":{"rendered":"<p>On 13 April, a hacker stole crypto assets worth $11.6m from Yearn Finance&#8217;s DeFi protocol through an exploit in the platform&#8217;s yUSDT stablecoin contract.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The loss of today\u2019s <a href=\"https:\/\/twitter.com\/iearnfinance?ref_src=twsrc%5Etfw\">@iearnfinance<\/a> yUSDT hack is ~$11.6m. <\/p>\n<p>As mentioned earlier, the hacker exploits a bug in the misconfigured yUSDT \u2014 <a href=\"https:\/\/t.co\/sYuEuiBhAo\">https:\/\/t.co\/sYuEuiBhAo<\/a> \u2014 to mint extremely huge amount of yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. Next, the minted yUSDT is\u2026 <a href=\"https:\/\/t.co\/Qz3vwtbcot\">https:\/\/t.co\/Qz3vwtbcot<\/a> <a href=\"https:\/\/t.co\/UZf3TJNPMu\">pic.twitter.com\/UZf3TJNPMu<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1646421063176450048?ref_src=twsrc%5Etfw\">April 13, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The primary cause was a misconfiguration of yUSDT, an analogue of the <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-tether-usdt\">stablecoin from Tether<\/a>.<\/p>\n<p>According to PeckShield analysts, the hacker managed to mint more than 1.2 quadrillion yUSDT, using a deposit of 10,000 USDT. 
After that, he swapped the minted coins for other stablecoins, including DAI, USDT, USDC, BUSD, and TUSD.<\/p>\n<p>The hacker used the first version of the <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-aave\">Aave<\/a> protocol to create a large array of swaps. However, the project team said the network itself was not affected.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are aware of this transaction, and it did not have an impact on Aave V2 and Aave V3. <\/p>\n<p>We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol which has been frozen. We\u2019re monitoring the situation closely to ensure no further concerns. <a href=\"https:\/\/t.co\/uM9wtLNJMl\">https:\/\/t.co\/uM9wtLNJMl<\/a><\/p>\n<p>\u2014 Aave (@AaveAave) <a href=\"https:\/\/twitter.com\/AaveAave\/status\/1646410238797688832?ref_src=twsrc%5Etfw\">April 13, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWe are aware of this transaction, and it did not affect Aave V2 and Aave V3. We are now assessing whether there is any impact on Aave V1, the oldest version of the protocol, which has been frozen. We are closely monitoring the situation to prevent any further issues,\u201d wrote the developers.<\/p>\n<\/blockquote>\n<p>Representatives from Yearn Finance also said that an investigation has begun. They said the issue relates to \u201cthe outdated iearn protocol launched in 2020, and the liquidity pool.\u201d The platform\u2019s v2 vaults are safe.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are aware of an issue that seems isolated to the iearn legacy protocol launched in 2020 and liquidity pool. <\/p>\n<p>Yearn v2 vaults seem not to be impacted. <\/p>\n<p>Yearn contributors are investigating. 
<\/p>\n<p>Further comms to follow on main account. <a href=\"https:\/\/t.co\/CKddWwjFj8\">https:\/\/t.co\/CKddWwjFj8<\/a><\/p>\n<p>\u2014 Storm Blessed 0x ?? (@storming0x) <a href=\"https:\/\/twitter.com\/storming0x\/status\/1646408774477922305?ref_src=twsrc%5Etfw\">April 13, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Analysts at Nansen noted that the hacker has already moved the funds to three addresses in ETH, DAI, USDC and BUSD.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The yUSDT exploiter has split their funds to 3 addresses with a total amount of $11.3 million in ETH, DAI, USDC, and BUSD<\/p>\n<p>Check the exploiter\u2019s transactions here: <a href=\"https:\/\/t.co\/Vkctitu6ga\">https:\/\/t.co\/Vkctitu6ga<\/a> <a href=\"https:\/\/t.co\/T4AuNxaZNg\">pic.twitter.com\/T4AuNxaZNg<\/a><\/p>\n<p>\u2014 Nansen Portfolio (@nansenportfolio) <a href=\"https:\/\/twitter.com\/nansenportfolio\/status\/1646416143689867265?ref_src=twsrc%5Etfw\">April 13, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In April, the DeFi protocol Terraport Finance on Terra Classic was subjected to a <a href=\"https:\/\/u1f987.com\/en\/news\/terraport-finance-defi-protocol-hacked-ten-days-after-launch\">$2 million hacker attack<\/a> ten days after its official launch.<\/p>\n<p>In the same month, CertiK analysts said that in Q1 2023 blockchain projects <a href=\"https:\/\/u1f987.com\/en\/news\/crypto-projects-lost-more-than-320-million-to-hacks-in-the-quarter\">lost more than $320 million<\/a> due to hacks and fraud.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 13 April, a hacker stole crypto assets worth $11.6 million from Yearn Finance&#8217;s DeFi protocol via an exploit in the yUSDT stablecoin 
contract.<\/p>\n","protected":false},"author":1,"featured_media":77139,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1093],"class_list":["post-77138","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"43","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=77138"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77138\/revisions"}],"predecessor-version":[{"id":77140,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77138\/revisions\/77140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/77139"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=77138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=77138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=77138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}