Early reports from security firms suggest that an exploit involving the DeFi protocols Aave V1 and Yearn Finance has taken place. The size of the exploit is estimated to be around $10 million, according to PeckShield.
The exploiter received a mix of stablecoins, including DAI, USDC, BUSD, TUSD and USDT, according to LookOnChain.
Aave Chan Initiative founder Marc Zeller’s recent tweets suggest the exploit is focused on the version 1 of Aave. “Aave V1 has been frozen since Dec 2022, so no user can deposit or increase borrow size making issue unlikely but not impossible,” he said. He noted thatthe current size of Aave V1 is $18 million but the project has a safety module of $382.5 million — which could be used to compensate for lost funds.
Zeller added that Aave is researching the situation.
Pseudonymous crypto researcher Samczsun claimed that the Yearn Finance’s version of USDT, called yUSDT, has been broken since it was deployed around three years ago. He said it was “misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.”
This story is breaking and will be updated.
© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://www.theblock.co/post/226134/exploit-involving-aave-v1-and-yearn-estimated-to-be-around-10-million-peckshield?utm_source=rss&utm_medium=rss