- The Popularity of ChatGPT has Led to an Increase in Smartphone Scams - August 17, 2023
- BlackBit and LokiLocker Ransomware Attacks are on the Rise in Russia - August 17, 2023
- How Can Phishing be Used to Make Governmental Services a “Profitable Business”? - August 16, 2023
Yearn decentralized finance (DeFi) protocol has recently been targeted by attackers, resulting in a loss of more than $10 million in stablecoins.
According to the experts from the cybersecurity company, PeckShield, the criminals took advantage of the vulnerability of the USDT smart-contract and released more than quadrillion of USDT tokenized stablecoins using $10,000 in USDT.
Lookonchain, another blockchain analytics organization, estimated that the criminals managed to withdraw $3 million in DAI, over $2.5 million in USDC, almost $1.8 million in BUSD, $1.5 million in TUSD, and $1.1 million in USDT.
Safety Problems in Crypto
The Yearn hack has raised really serious concerns in the whole crypto community about the security of DeFi protocols in general and the risks associated with investing in them. DeFi, which offers decentralized and transparent financial services, has the potential to completely transform the financial sector, but it is still a young field that is susceptible to intrusion. Therefore, it is crucial that users and investors properly evaluate the dangers before engaging in DeFi protocols.
The released stablecoins were later exchanged for other assets in order to be withdrawn from the contract. To make the attack harder to trace, the hackers deposited USDT stablecoin through the authorized mixer Tornado Cash. Yearn Finance representatives acknowledged the breach but pointed out that the vulnerability does not apply to the most recent iterations of the protocol.
Why The Attack Happened
Using the alias @samczsun on twitter, an expert from the venture capital company Paradigm, asserts that the protocol has been insecure since it was introduced more than three years ago. It’s thought that the developers of the project used the wrong address to track the yUSDT stablecoin’s collateral (the address of iUSDC was tracked instead).
It is worth noting that Terraport Finance, a decentralized platform that utilizes the Terra Classic network, was also compromised. The hacker emptied all pools, withdrew about $2 million in digital assets from the network, and then transferred them to Binance and MEXC Global, according to the project’s representatives.