1 quadrillion yUSDT minted in Yearn Finance exploit

1 quadrillion yUSDT minted in Yearn Finance exploit

By Charles Thuo - min read
  • The hack was detected by blockchain security firm PeckShield.
  • The hacker swapped the yUSDT to other stablecoins.
  • The hacker has also transferred 1,000 Ether to Tornado Cash.

Blockchain Security firm PeckShield recently detected an exploit on the lending platform Yearn Finance that resulted in an irregular minting of over 1 quadrillion Yearn Tether (yUSDT) using $10,000. The hack is the latest in the list of decentralized hacks that seem to be gaining momentum as the year ages.

According to a tweet from PechShield, the hacker proceeded to swap the yUSDT to other cryptocurrencies including $11.6 million worth of stablecoins. The stablecoins include 1.79 million Binance USD (BUSD), 1.5 million TrueUSD (TUSD), 1.2 million Tether (USDT), 2.58 million USD Coin (USDC), 3 million in DAI, and 61,000 Pax Dollar (USDP).

1,000 ETH transferred to Tornado Cash

PeckShield has also stated that the hacker has also managed to transfer 1,000 ETH worth about $2 million to the sanctioned crypto mixer Tornado Cash.

Besides Yearn Finance, PeckShield also flagged Aave to inform them of the hack.

The hacker exploited an outdated smart contract

Yearn Finance made a statement after initial checks and stated that the hack was limited to an outdated smart contract before the V1 and V2 called iearn. According to Yearn Finance, the current Yearn Finance contracts and protocols were not affected by the exploit.

Aave, which was also flagged by PeckShield, confirmed they were aware of the exploit and that none of their versions (V1, V2, and V3) were affected by the hack.

The price of yearn.finance (YFI) token dipped to about $8,945 immediately after the news about the hack broke but has since recovered to $9,094 at press time. The token was still about 2% below yesterday’s trading level although it is still over 7% higher over the last seven days.