- Yearn Finance lost over $10 million in a hack.
- Aave says V1, V2, and V3 are untouched.
- Yearn is not new to exploits.
YEREVAN (CoinChapter.com) – An exploiter attacked a suite of decentralized services, Yearn, and, according to the initial statement by LookOnChain, crypto lender Aave.
Overall, the hacker stole around $10 million in various stablecoins, including over 3 million DAI, 2.6 million USDC, 1.8 million BUSD, 1.5 million TUSD, and 1.2 million USDT.
Yearn lost millions, while Aave claims V1, V2, and V3 are safe
Aave denied that any of its versions were affected.
A developer associated with Yearn commented that “Yearn v2 vaults seem not to be impacted. Yearn contributors are investigating.”
Second Yearn Attack Since 2021
Meanwhile, the incident was not Yearn’s first hack. The platform lost approximately $11 million in 2021, and the attacker reportedly got away with approximately $2.8 million.
The 2021 attack’s nature could be categorized as an “arbitrage.” The hacker used a flash loan to borrow 116,000 Ether from the margin trading platform dYdX and 99,000 from Aave. Then used those assets as collateral to borrow more crypto. The culprit then repeatedly deposited those borrowed assets in a Yearn pool.
Notably, the exploit also involved stablecoins. The attacker manipulated the Dai rate in the pool and benefitted from that rate by exchanging the liquidity provider tokens earned for stablecoins. The nature of the current attack is not yet clear.
The platform could provide more information in the coming hours, shedding more light on the incident.