
A hacker who exploited an outdated Yearn Finance contract minted over a quadrillion yUSDT and swapped it for over $11 million worth of other stablecoins.

The attack was first identified by PeckShield, a blockchain security and data analytics company that discovered the $197 million attack on the DeFi platform Euler Finance just a month ago.

According to PeckShield, the hacker leveraged 10,000 USDT to mint over 1,252,660,242,212,927.5 yUSDT, the Yearn Finance placeholder stablecoins better known as Yearn Tether.

The hacker then swapped the yUSDT for other stablecoins. These included 1.2 million USDT, 2.6 million USDC, 3 million DAI, 1.6 million TrueUSD, and 61,000 PAX dollars. He also swapped the yUSDT for 1.79 million BUSD, the Binance-linked stablecoin under scrutiny by the U.S. securities regulator.

The hacker transferred 1.5 million TrueUSD stablecoins to the DeFi platform Aave and borrowed 634 ETH. He then converted some of the other stablecoins to ETH and moved over 1,000 ETH to Tornado Cash for laundering. This is just the latest instance of the U.S. Treasury-sanctioned coin mixer being used to launder funds from hacks and other illegal activities.

Yearn Finance later reassured users that the vulnerability was limited to iearn, an outdated contract deployed by the platform’s infamous founder Andre Cronje.

This outdated version, deployed in 2020, is immutable, so developers can’t make any security updates to it. It has, however, been replaced by V1 in 2021 and by the current V2. Both are unaffected, according to Yearn.

Yearn has regularly warned developers against deploying applications on top of outdated code. However, on-chain data shows that the vulnerable iearn was still in use before the exploit.

The vulnerability is nothing new, at least for Cronje’s projects. The developer, who was loved and loathed in equal measure, is known for deploying his projects before they were fully developed and working on vulnerabilities in live mode. The approach was quite risky, as users’ assets were always on the line. Yearn Finance users were victims of this approach in 2021, when a hacker exploited a vulnerability to steal $2.8 million.
