Hacker mints 1 quadrillion yUSDT after exploiting old Yearn Finance contract
Blockchain security firm PeckShield recently detected a hack that allowed the exploiter to mint over 1 quadrillion Yearn Tether (yUSDT) from $10,000 in the latest decentralized finance (DeFi) hack.
According to the security firm, the hacker then swapped the yUSDT to other stablecoins, allowing them to take hold of $11.6 million worth of stablecoins. This includes 61,000 Pax Dollar (USDP), 1.5 million TrueUSD (TUSD), 1.79 million Binance USD (BUSD), 1.2 million Tether (USDT), 2.58 million USD Coin (USDC) and 3 million in DAI (DAI).
PeckShield illustrates the flow of funds from the attack. Source: PeckShieldPeckShield said that the hacker has already managed to transfer 1,000 Ether (ETH), currently worth almost $2 million, to the sanctioned cryptocurrency mixer Tornado Cash. The blockchain security company also flagged the DeFi protocols Aave and Yearn Finance to inform them of what was transpiring.
Related: Sentiment recovers $870K after negotiations with hacker
After initial checks, lending platform Yearn Finance made a statement that the issue was limited to iearn, which was an outdated contract before Vaults V1 and V2. The DeFi protocol said that the current Yearn Finance contracts and protocols are not affected by the exploit.
We're looking into an issue with iearn, an outdated contract from before Vaults v1 and v2.
This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols.
iearn is an immutable contract predating YFI, it was deprecated in 2020.
Vaults v1, with…
— yearn (@iearnfinance) April 13, 2023Meanwhile, Aave also said that they are aware of the transaction as well. The liquidity protocol recently confirmed that the hack did not have an impact on its Aave V1, V2 or V3.
While hacks still plague the DeFi space in 2023, the amount of money lost to hacks has been lower compared to the previous years. According to the quarterly report of blockchain security firm CertiK, more than $320 million were lost to hacks in the first quarter of 2023. The losses were a lot lower compared to 2022's first quarter where $1.3 billion were lost and the fourth quarter when $950 million were lost to hacks.
Magazine: US enforcement agencies are turning up the heat on crypto-related crime