Decentralized finance (DeFi) protocols Aave and Yearn Finance are suffering from an ongoing flash loan attack at the time of writing, Pechshield pointed out in a tweet.
The exploiter has already drained over $10 million in stablecoins from the protocols, including over $3 million DAI, $2.5 million USD Coin (USDC), $1.7 million BinanceUSD (BUSD), $1.19 million Tether (USDT), and $1.5 million worth of True USD (TUSD), according to Lookonchain.
At the time of writing, one of the attacker’s wallets held $5.77 million worth of assets. This includes around $2.4 million worth of Ethereum (ETH), $1.7 million BUSD, and $1.5 million worth of Aave interest-bearing TUSD, according to Etherscan data. The exploiter has been routing the stolen funds through multiple wallets.
Aave noted in a tweet that Aave V1, V2, and V3 were not impacted by the attack.
As per Peckshield, the root cause of the attack on Yearn Finance was a misconfiguration of yUSDT, the liquidity token pegged to your deposited USDT. This allowed the attacker to mint a huge amount of yUSDT using only $10,000 worth of USDT. The exploiter then swapped the yUSDT tokens with other stablecoins, Pechshield said.
The attack on Aave and Yearn comes on the heels of the SushiSwap exploit last week that resulted in the loss of over $3 million worth of assets.
The post Aave and Yearn Finance exploited for over $10M in stablecoins appeared first on CryptoSlate.
Source: https://cryptoslate.com/aave-and-yearn-finance-exploited-for-over-10m-in-stablecoins/