Yearn, a DeFi stalwart offering set-and-forget yield vaults, has announced an incident involving its yUSND vault on the Arbitrum network.
The disclosure comes from pseudonymous Yearn contributor johnnyonline who explains that “insufficient USND liquidity” led to “severe slippage” in swapping liquidation rewards, one of the strategy’s yield sources.
The incident was confined to the vault’s rETH Stability Pool Strategy, to which 28% of its assets are allocated.
Losses were relatively small, especially by DeFi’s standards, at just over $25,000 in USND. This represents a “5.2% drawdown for yUSND depositors.”
The post reassures users that Yearn has fully covered losses to protect user principal, and that “only the vault’s realized yield potential was impacted.”
Despite the team disclosing the incident on November 26, it occurred on September 28, with losses covered on October 11.
Going forward, similar strategies will offload collateral in “smaller tranches” to reduce the risk of slippage-related losses. An additional “price-guard mechanism” is also in place to act as a circuit breaker.
Read more: High yields to haircuts: Has DeFi learned anything from yield vault collapse?
The DeFi risk landscape
Launched in 2020 as iearn Finance, “DeFi’s Yield Aggregator” hit a peak of $6.9 billion total-value locked (TVL) in late 2021. It currently holds $343 million, according to DeFiLlama data.
DeFi is often thought of as a wild-west corner of the already risky wider crypto sector. But many users consider certain long-standing, battle-tested protocols as “blue-chips,” or a safe pairs of hands: Aave for lending, Lido for liquid staking, Yearn for yield.
This distinction became clear during the recent spectacular collapse of degen yield vaults such as Stream Finance.
Pseudonymous Yearn contributor Schlagonia was among those who raised the alarm over Stream’s xUSD and Elixir’s deUSD “recursively minting” each other’s assets.
They called the system a “daisy chain” in which “recursive self minting and lending fuel[ed] basically all of the ‘growth’.”
That’s not to say, however, that Yearn hasn’t had its fair share of issues; today’s announcement marks the project’s fourth incident since launch.
Read more: DeFi projects under fire for inflated TVL and murky lending loops
Yearn’s burns
In February 2021, a flash-loan attack caused $11 million in losses to Yearn’s DAI v1 vault, with the hacker profiting just $2.8 million.
Read more: DeFi platform Yearn exploits itself, begs for money back
Two years later, in April 2023, the exploit of a three year-old vulnerability caused a further $11.4 million loss, due to a copy-paste error in the list of yUSDT’s underlying assets.
Later that same year, in December, a “faulty multisig script” led to the loss of $1.4 million for the project’s treasury.
Also chalked up to “significant slippage,” the swap accidentally contained he project’s entire yCRV token balance, rather than just the earned fees.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
Source: https://protos.com/defi-yield-aggregator-yearn-discloses-september-incident-in-yusnd-vault/