On the night of February 5, hackers attacked one of the Yearn.Finance pools and withdrew $2.8 million. Storage losses amounted to $11 million.
Tonight, users began to notice that their accounts were losing funds. In the morning, the team reported that a vulnerability was found in one of the pools, which has already been fixed. In the official Twitter account, the developers clarified that the attack damaged the v1 yDAI storage.
We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.
— yearn.finance (@iearnfinance) February 4, 2021
The hacker took with him $ 2.8 million, while the storage lost $ 11 million. Deposits of v1 v1 DAI, TUSD, USDC, USDT storages are disabled.
The attacker used numerous DeFi protocols. It was a complex exploit: 160 transactions and 8.6 million units of gas. The attack used the Aave protocol flash loan service.
The DeFi project Yearn.Finance allows users to deposit funds into storage, from which assets are distributed through other DeFi protocols to earn interest.