Decentralized finance (DeFi) protocols Aave and Yearn Finance have been targeted in flash loan attacks, Pechshield said. Tweet.

Abusers have already exfiltrated over $10 million in stablecoins from the Yearn Finance protocol. However, Aave says: Tweet Aave V1, V2, and V3 were not affected by the attack.

Stablecoins leaked by the exploit included $3 million in DAI, $2.5 million in USD Coin (USDC), $1.7 million in BinanceUSD (BUSD), $1.19 million in Tether (USDT), and $1.5 million in True Includes USD (TUSD). according to to look-on-chain.

Peckshield said the root cause of the attack on Yearn Finance was a misconfiguration of yUSDT. A liquidity token pegged to deposited USDT. This allowed the attacker to use only $10,000 worth of his USDT to create a large amount of his yUSDT. The abuser then exchanged his yUSDT tokens for other stablecoins.

according to De.Fi Security Expert$yUSDT has been changed to use the Fulcrum iUSDC token instead of the original Fulcrum iUSDT token.

De.Fi’s security department Vulnerability It was used to mint 1.2 trillion yUSDT of $yUSDT tokens. yUSDT was swapped into various stablecoins to draw liquidity from personal wallets. The attacker is her Ethereum blockchain stablecoin on these wallet addresses.

  • 0x6f4A6262d06272c8B2E00Ce75e76d84b9D6F6aB8
  • 0x16Af29b7eFbf019ef30aae9023A5140c012374A5

At the time of writing, one of the attacker’s wallets held $5.77 million worth of assets. According to Etherscan, this includes about $2.4 million worth of Ethereum (ETH), $1.7 million worth of his BUSD, and $1.5 million worth of his Aave interest-bearing TUSD. dataAbusers are routing stolen funds to multiple wallets.

The attack follows last week’s SushiSwap exploit, resulting in the loss of more than $3 million in assets.

(Article updated to clarify that Aave was not affected by the attack)

The post that Yearn Finance exploited with over $10 million in stablecoins first appeared on CryptoSlate.

By Jules

Leave a Reply