A ‘misconfigured’ vulnerability likely impacted DeFi protocol Yearn Finance today, according to security company PeckShield.
PeckShield explained that a misconfigured yUSDT possibly allowed a bad actor to mint a huge amount of yUSDT before cashing it out.
What We Know About Losses to Yearn, Aave
While details of the exploit are still being sorted out, PeckShield revealed that the misconfigured yUSDT allowed 1,252,660,242,212,927 yUSDT to be minted from $10,000 USDT.
The firm noted,
“The huge yUSDT is then cashed out by swapping to other stablecoins.”
Nansen claims the yUSDT hacker distributed $11.3 million in ETH, DAI, USDC, and BUSD among three addresses.
The vulnerability was reportedly isolated to “iearn legacy protocol launched in 2020 and liquidity pool” and Aave V1.
Yearn Security developer Stormed Blessed Ox confirmed early reports that the exploit likely didn’t affect Yearn v2 vaults.
Meanwhile, the Aave protocol confirms that the hack did not impact Aave V2 and Aave V3. The platform said,
“We are now confirming whether there is any impact on Aave V1, the oldest version of the protocol, which has been frozen. We’re monitoring the situation closely to ensure no further concerns.”
Aave developer Marc Zeller is predicting no monetary impact on V1.
Paradigm researcher Samczsun underlined that yUSDT had been misconfigured since its deployment and that the last script update was 1,000 days ago.
Meanwhile, other crypto commentators took the incident as a reminder to users to diversify their funds across different DeFi protocols.
This is a developing story. BeInCrypto will update as details emerge.
The post Yearn Finance Allegedly Exploited Out of $10M by ‘Misconfigured’ Token appeared first on BeInCrypto.