BSV
$70.78
Vol 92.63m
6.68%
BTC
$97949
Vol 58102.86m
-1.46%
BCH
$510.41
Vol 1694.85m
5.03%
LTC
$99.53
Vol 2745.56m
10.44%
DOGE
$0.43
Vol 24577.4m
7.5%
Getting your Trinity Audio player ready...

A hacker who exploited an outdated Yearn Finance contract minted over a quadrillion yUSDT and swapped it for over $11 million worth of other stablecoins.

The attack was first identified by PeckShield, a blockchain security and data analytics company that discovered the $197 million attack on the DeFi platform Euler Finance just a month ago.

According to PeckShield, the hacker leveraged 10,000 USDT to mint over 1,252,660,242,212,927.5 yUSDT, the Yearn Finance placeholder stablecoins better known as Yearn Tether.

The hacker then swapped the yUSDT for other stablecoins. These included 1.2 million USDT, 2.6 million USDC, 3 million DAI, 1.6 million TrueUSD, and 61,000 PAX dollars. He also swapped the yUSDT for 1.79 million BUSD, the Binance-linked stablecoin under scrutiny by the U.S. securities regulator.

The hacker transferred 1.5 million TrueUSD stablecoins to the DeFi platform Aave and borrowed 634 ETH. He then converted some of the other stablecoins to ETH and moved over 1000 ETH to Tornado Cash for laundering. This is just the latest instance of the U.S. Treasury-sanctioned coin mixer being used to launder funds from hacks and other illegal activities.

Yearn Finance later reassured users that the vulnerability was limited to iearn, an outdated contract deployed by the platform’s infamous founder Andre Cronje.

This outdated version, deployed in 2020, is immutable, and developers can’t make any security updates. It has, however, been replaced by versions V1 in 2021 and the current V2. Both are unaffected, according to Yearn.

Yearn has regularly warned developers against deploying applications on top of outdated code. However, on-chain data shows that the vulnerable iearn was still in use before the exploit.

The vulnerability is nothing new, at least for Cronje’s projects. The developer, who was loved and loathed in equal measure, is known to deploy his projects before they were fully developed and work on vulnerabilities in live mode. The approach was quite risky as the users’ assets were always on the line. Yearn Finance users were victims of this approach in 2021 when a hacker exploited a vulnerability to steal $2.8 million.

Watch: Sentinel Node Blockchain Tools to Improve Cybersecurity

Recommended for you

Lido DAO members liable for their actions, California judge rules
In a ruling that has sparked outrage among ‘Crypto Bros,’ the California judge said that Andreessen Horowitz and cronies are...
November 22, 2024
How Philippine Web3 startups can overcome adoption hurdles
Key players in the Web3 space were at the Future Proof Tech Summit, sharing their insights on how local startups...
November 22, 2024
Advertisement
Advertisement
Advertisement