Facebook X (Twitter) LinkedIn Telegram
    • About
    • Advertise
    • Submit Press Release
    • Contact
    Facebook X (Twitter) LinkedIn Telegram
    BlockonomiBlockonomi
    • Prices
      • All Coins
      • Bitcoin Price
      • Ethereum Price
      • Ripple Price
      • EOS Price
      • Litecoin Price
      • Monero Price
      • Binance Coin Price
      • Bitcoin Cash Price
      • Chainlink Price
      • Cardano Price
      • Stellar Price
      • Tron Price
    • Sections
      • All
      • Analysis
      • Bitcoin
      • Ethereum
      • Education
      • Trading
      • Buying
      • DeFi
      • NFTs
      • Metaverse
      • Exchanges
      • Brokers
      • Guides
      • Gaming
      • Privacy
      • Business
      • Finance
      • Fintech
      • Regulation
      • Security
    • Claim Free Crypto!
    • Gamble With Crypto!
    • Easily Buy Crypto!
    Home / About / Advertise / Submit Press Release
    BlockonomiBlockonomi
    DeFi Security

    Attacker Drains $11 Million In DAI from Yearn Finance Vault

    Tokens worth $2.8 Million were stolen by an attacker who took advantage of a Yearn Finance exploit on January 4th.
    Nicholas SayBy Nicholas SayFebruary 8, 2021No Comments4 Mins Read
    Telegram Twitter LinkedIn WhatsApp Facebook Email
    DeFi
    Share
    Facebook Twitter LinkedIn Email Telegram WhatsApp

    Tokens worth $2.8 Million were stolen by an attacker who took advantage of a Yearn Finance exploit on January 4th, with a total of $11 million being lost from DAI vault.

    The attack on Yearn Finance took advantage of an Aave flash loan to drain the vault, using over 160 nested transactions to commit the exploit that resulted in $8.6 million in gas fees.

    The popular DeFi yield farming project’s official Twitter account announced the attack by stating: “We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.”

    A vulnerability disclosure report was published the next day in the project’s official Github, providing further details on the attack and more information on how the exploit took place.

    Getting Into the Yearn Vault

    Table of Contents

    • Getting Into the Yearn Vault
    • The Controversy Around Tether’s Decentralization
    • YFI Felt the Effects

    According to the report, Yearn’s security team and multi-sig wallet signers were able to stop the attack while it was underway only 11 minutes after it been reported, saving more than 2 thirds of the vault’s total deposits ($35 Million).

    The suspicious activity by a contract was reported by Andre Cronje at 21:45 (UTC), which was later found to be an exploit achieved by debalancing the exchange rate between the stablecoins in the pool, making the yDAI vault deposit into the pool at an unfavorable rate, and then reversing the first imbalance.

    After repeating this process in 11 transactions that took place over 38 minutes, the attacker was able to extract $2.8 from the vault before Yearn’s team mitigated the attack.

    The security team’s report identified 3 factors as contributing to the exploit, which included a loose slippage protection value, null withdrawal fee, and the vault being a v1 vault.

    The Controversy Around Tether’s Decentralization

    Tether Ltd. announced on February 5th, e company behind the stablecoin Tether (USDT), that it had frozen part of the funds stolen from Yearn Finance, mitigating the loss by $1.7 million. This move by Tether will effectively prevent the attacker from using the funds in any way.

    This is not the first time that Tether freezes funds acquired by hackers. The company froze $20 million back in 2020 when the popular cryptocurrency exchange KuCoin lost over $200 million after being attacked.

    These decisions have been controversial as a result of the lack of decentralization that allowed Tether to take such actions, which according to critics would be against the spirit of decentralized finance.

    Paolo Ardoino, CTO of Tether, replied to critics by Tweeting:

    “I want to use this occasion to remind everyone that Tether $USDt is a centralized stablecoin using blockchains as transport layer. Among Tether duties there is the responsibility of acting and collaborating with LE and regulators regarding potential dangerous behavior.”

    While cryptocurrencies tend to be as decentralized as possible, it is a common misunderstanding that this is a characteristic innate to the technology. While decentralization comes with some benefits for the users of a platform, cases like this one continue to generate discussion around the cons of total decentralization.

    YFI Felt the Effects

    Yearn Finance’s token, YFI, had been experiencing an uptrend since the start of February the 1st. However, the events transcurred on February the 4th saw the token’s value drop after having reached its highest point in the last 2 weeks ($34.386).

    The value of the token dropped by about 15%in a matter of minutes after news of the attack became public, rebounding slightly but staying under the initial value ever since.

    The protocol’s decentralized governance recently passed a vote to mind 6666 new YFI tokens to ensure the future development of the protocol, which would represent over $150 million.

    The proposal passed the vote with a count of 1,670 YFI to 331, which required 4089 YFI to be staked.

    If the changes are approved by two-thirds of the Yearn Multisig wallet members, 66% of the new tokens would be set aside as treasury while 33% would be issued to key contributors.

    Advertise Here
    Nicholas Say
    • LinkedIn

    Nicholas Say was born in Ann Arbor, Michigan. He has traveled extensively, lived in Uruguay for many years, and currently resides in the Far East. His writing can be found all over the web, with special emphasis placed on realistic development, and the next generation of human technology.

    Related Posts

    Bitget Friend3 Listing: Exchange Embraces Social dApp Innovation

    November 29, 2023

    Trading Firm Offers Deal in $25M Crypto Heist, But Will Hacker Accept?

    November 28, 2023

    Kinto Migrates to Arbitrum, Bringing Compliance to DeFi

    November 22, 2023

    Comments are closed.

    Coinbase Earn
    Advertise Here
    Gambling
    • mBit Casino
      VisitReview
    • BC Game
      VisitReview
    • Duelbits
      VisitReview
    • BitcoinCasino
      VisitReview
    • FortuneJack
      VisitReview
    • 1xBit
      VisitReview
    Exchanges
    • KuCoin
      VisitReview
    • Coinbase
      VisitReview
    • Binance
      VisitReview
    • PrimeXBT
      VisitReview
    Koinly
    Advertise Here
    Trading Bots
    • 3Commas
      VisitReview
    • Cryptohopper
      VisitReview
    • CoinRule
      VisitReview
    3commas Trading Bot
    Advertise Here
    All content on Blockonomi.com is provided solely for informational purposes, and is not an offer to buy or sell or a solicitation of an offer to buy or sell any security, product, service or investment. The opinions expressed in this Site do not constitute investment advice and independent financial advice should be sought where appropriate.
    Blockonomi™ Copyright © 2017 - 2023 Kooc Media Ltd. All rights reserved. Registered Company No.05695741
    Network: Moneycheck - Finance News / Beanstalk - NFT & Metaverse News
    • About
    • Contact
    • Deals
    • Advertise
    • Privacy Policy
    • Terms & Conditions

    Type above and press Enter to search. Press Esc to cancel.