The first DeFi exploit of 2021

How did it happen?

It began when the Yearn team announced that they noticed an exploit in the Yearn DAI vault.

Hours later, a Yearn core developer that goes by Banteg, followed up by specifying the exact damage done in the attack; the attacker was able to pocket $2.8 in stolen funds from the exploit and Yearn’s Dai vault sustained a total loss of $11 million.

The exploit happened by way of flash loan attack, a method that we typically see used when it comes to DeFi exploits.  

“In a nutshell, someone deposited a bunch to Curve 3pool to manipulate DAI price given by the pool,” said Curve CEO Michael Egorov, “[Yearn’s] vault somehow was relying on the DAI price given by this pool. Then the contract withdrew after the attack. And repeated many times taking flash-borrowed funds.”

Although the attacker was able to successfully execute the attack, Yearn’s security team was able to mitigate the overall damage by intervening midway through the exploit. 

“Acting in roughly 11 minutes, Yearn’s security team and multi-sig wallet signers were able to stop the exploit while it was underway, saving 24m DAI out of the vault’s total 35m DAI deposits,” said Yearn in their post-mortem report.

Next steps

Yearn has not announced any next steps, recompensation, or insurance plan for Yearn users that suffered losses due to the exploit; however, Tether CTO Paolo Ardoino says that Tether has frozen 1.7M USDT connected to the Yearn exploit.

The Yearn Finance exploit is the first of what will most likely be many DeFi exploits that take place this year. In 2020, 17 major DeFi hacks took place that resulted in a total of $154 in lost funds.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.