- Since only the earlier protocols were compromised, the impact was minimal.
- According to the Aave team, they halted all V1 deposits in December of 2022.
On April 13, cybercriminals exploited a flaw in Yearn’s USDT token, yUSDT, to steal $11.2 million from the Aave V1 and an earlier version of the Yearn Finance protocol.
One of the initial lending and borrowing protocols on DeFi, Aave allows users to earn yield by depositing cryptocurrency and borrowing from other users. Another well-liked DeFi protocol is called Yearn Finance, and it brings together several yield prospects from throughout the industry. Users with USDT stablecoin holdings in Yearn contracts may earn interest on their funds via the usage of the yUSDT token.
Paradigm’s researcher, Samczsun stated:
“It was misconfigured to use the Fulcrum’s iUSDC token instead of the Fulcrum’s iUSDT token.”
Only Older Version Affected
Fulcrum is a DeFi that facilitates the lending and borrowing of Ethereum Classic (ETH) and other ERC-20 tokens. Since only the earlier protocols were compromised, the impact was minimal. According to DefiLlama statistics, Aave V1 had almost $20 million in deposits the day before the attack, on April 12.
Senior developer at Yearn, Storm Blessed 0x, and the Aave verified that the attack likely only affected older versions of the protocols. According to the Aave team, they halted all V1 deposits in December of 2022. According to PeckShield, 1,000 ETH, or around $1.9 million, have been withdrawn by the attackers using the Ethereum mixer Tornado Cash.
After the attack, the founder of Aave’s governance platform Aave-Chan’s Marc Zeller stated that the Aave Safety Module has roughly $382.5 million, which is much more than the total deposits on Aave V1. Depending on what the two community leaders decide, the impacted users will be compensated either from the Safety Module or Yearn’s insurance money.
Recommended For You:
South Korean Centralized Crypto Exchange GDAC Reports $13.9 Million Hack
Source: https://thenewscrypto.com/aave-v1-and-yearn-finance-protocol-exploited-for-11-2-million/