$11 Million Drained Out of Yearn Finance in a Flash Loan Exploit

Friday, 05/02/2021 | 07:58 GMT by Arnab Shome
  • The attacker managed to get away with $2.8 million in crypto.
$11 Million Drained Out of Yearn Finance in a Flash Loan Exploit
Pixabay

Yearn.Finance, one of the popular decentralized finance (DeFi) platforms, has suffered a massive attack on one of its DAI lending pools on late Thursday that resulted in the total loss of $11 million, the protocol confirmed on social media.

The attacker used an Aave flash loan to trigger the vault draining. While the protocol lost $11 million from its compromised vault, the attacker managed to get away with only $2.8 million.

“Attacker got away with 2.8m, dai vault lost 11.1m,” Yearn team posted on Discord.

The team is now investigating the breach and, as a precautionary measure, suspended all deposits onto its V1 DAI, USDC, USDT and TUSD.

Yearn developer Banteg further shared that the hacker stole 513,000 DAI, $1.7 million in USDT and the rest in CRV tokens.

Aave Founder, Stani Kulechov detailed that the attacker used a complex 160 nested transactions across multiple DeFi platforms and spent $5,000 in gas fees for the attack.

Interestingly, more than $3 million in the compromised DAI ended up in a Liquidity pool of DeFi lending platform, Curve.

A Popular DeFi Platform

Yearn.Finance is one of the major DeFi protocols with a total locked-in value of little less than $500 million, according to DeFi Pulse. The platform got popular last year among yield farmers as it always enables depositors to recoup all their Yield in the token they initially deposited.

Furthermore, YFI token, the governance token of the platform, suffered after the attack and has dropped 15 percent after the news of the attack become public.

Yearn.Finance, one of the popular decentralized finance (DeFi) platforms, has suffered a massive attack on one of its DAI lending pools on late Thursday that resulted in the total loss of $11 million, the protocol confirmed on social media.

The attacker used an Aave flash loan to trigger the vault draining. While the protocol lost $11 million from its compromised vault, the attacker managed to get away with only $2.8 million.

“Attacker got away with 2.8m, dai vault lost 11.1m,” Yearn team posted on Discord.

The team is now investigating the breach and, as a precautionary measure, suspended all deposits onto its V1 DAI, USDC, USDT and TUSD.

Yearn developer Banteg further shared that the hacker stole 513,000 DAI, $1.7 million in USDT and the rest in CRV tokens.

Aave Founder, Stani Kulechov detailed that the attacker used a complex 160 nested transactions across multiple DeFi platforms and spent $5,000 in gas fees for the attack.

Interestingly, more than $3 million in the compromised DAI ended up in a Liquidity pool of DeFi lending platform, Curve.

A Popular DeFi Platform

Yearn.Finance is one of the major DeFi protocols with a total locked-in value of little less than $500 million, according to DeFi Pulse. The platform got popular last year among yield farmers as it always enables depositors to recoup all their Yield in the token they initially deposited.

Furthermore, YFI token, the governance token of the platform, suffered after the attack and has dropped 15 percent after the news of the attack become public.

About the Author: Arnab Shome
Arnab Shome
  • 6613 Articles
  • 97 Followers
About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.
  • 6613 Articles
  • 97 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}