Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.
Latest posts by Esme Greene (see all)
- “Ducktail” Hackers Target Facebook - September 28, 2023
- Okta Breach: Super Admin Hack - September 24, 2023
- Rackspace: $10.8M Cloud Shift - September 23, 2023
Yearn decentralized finance (DeFi) protocol has recently been targeted by attackers, resulting in a loss of more than $10 million in stablecoins.
According to the experts from the cybersecurity company, PeckShield, the criminals took advantage of the vulnerability of the USDT smart-contract and released more than quadrillion of USDT tokenized stablecoins using $10,000 in USDT.
Lookonchain, another blockchain analytics organization, estimated that the criminals managed to withdraw $3 million in DAI, over $2.5 million in USDC, almost $1.8 million in BUSD, $1.5 million in TUSD, and $1.1 million in USDT.
Safety Problems in Crypto
The Yearn hack has raised really serious concerns in the whole crypto community about the security of DeFi protocols in general and the risks associated with investing in them. DeFi, which offers decentralized and transparent financial services, has the potential to completely transform the financial sector, but it is still a young field that is susceptible to intrusion. Therefore, it is crucial that users and investors properly evaluate the dangers before engaging in DeFi protocols.
The released stablecoins were later exchanged for other assets in order to be withdrawn from the contract. To make the attack harder to trace, the hackers deposited USDT stablecoin through the authorized mixer Tornado Cash. Yearn Finance representatives acknowledged the breach but pointed out that the vulnerability does not apply to the most recent iterations of the protocol.
Why The Attack Happened
Using the alias @samczsun on twitter, an expert from the venture capital company Paradigm, asserts that the protocol has been insecure since it was introduced more than three years ago. It’s thought that the developers of the project used the wrong address to track the yUSDT stablecoin’s collateral (the address of iUSDC was tracked instead).
It is worth noting that Terraport Finance, a decentralized platform that utilizes the Terra Classic network, was also compromised. The hacker emptied all pools, withdrew about $2 million in digital assets from the network, and then transferred them to Binance and MEXC Global, according to the project’s representatives.