Progress of Investigation into Yearn’s Attack: Vulnerability in iEarn USDT Token Contract Caused Exploitation of Multiple Curve Pools
On April 14th, Yearn Finance reportedly posted an update on Twitter about its investigation into the attack, stating that, as it had said previously, the root cause of the attack on Yearn was a vulnerability left in the iEarn USDT (yUSDT) token contract. This vulnerability exists in multiple versions and led to multiple Curve pools (y, busd, pax) being exploited and exhausted. The liquidity providers who deposit LP tokens into downstream protocols are still affected, including users who encapsulate the Yearn v2 vault (2) and the old version v1 vault (2) of these affected LPs. In previous tweets, Yearn stated that the current version of Yearn v2 Vaults is not affected.
Yearn: The vulnerability in the yUSDT token contract exists in multiple versions, and the liquidity providers of downstream protocols are still affected
As more fintech companies band together to maximize their potential in the industry, the threat of fraudulent activities also increases. Yearn Finance recently fell victim to an attack that had been traced back to a vulnerability in iEarn’s USDT (yUSDT) token contracts. Now, the investigation into the cause of the attack has been reported to show that the same vulnerability caused the exploitation of multiple Curve pools (y, busd, pax), leaving liquidity providers and users affected.
Background
Yearn Finance is a decentralized finance (DeFi) platform and aggregator that provides yield-generating strategies to its users. It operates by automating yield farming to maximize profits. As a DeFi protocol, Yearn has been growing steadily, with its governance token surging to over $4,000 earlier this year.
However, on April 14th, Yearn made an announcement on Twitter regarding an attack that had been launched against the platform. According to the announcement, the vulnerability left in the iEarn USDT token contract caused the exploitation of several Curve pools, leaving users affected.
The Investigation
In a progress report posted on Twitter, Yearn indicated that the root cause of the attack on Yearn was indeed the vulnerability in the iEarn USDT token contract. The vulnerability exists in multiple versions and leads to multiple Curve pools (y, busd, pax) being exploited and exhausted.
“To be more specific, the vulnerability leads to emptying the balances of yCRV depositors by using other pools’ amounts as liquidity for swap attacks,” the report stated. Additionally, the liquidity providers who deposit LP tokens into downstream protocols have been affected. This includes users who encapsulate the Yearn v2 vault (2) and the old version v1 vault (2) of the affected LPs.
Despite the extent of the attack, the current version of Yearn v2 Vault is said to be unaffected, according to the report.
The Implications
The attack on Yearn Finance highlights the ever-growing concern for security in the DeFi space. The fact that a simple vulnerability in a single token contract could lead to the exploitation of multiple pools raises concerns about the complexity of the industry. Furthermore, it underscores the need for appropriate measures to be put in place to secure the decentralized protocols and the funds they hold.
The Way Forward
As it stands, Yearn Finance is set to roll out new security measures, which include integrating Sushiswap’s Bentobox framework with the forthcoming V2 Vaults. The move is expected to improve the overall security of the protocol by ensuring that the tokens kept under custody by Yearn in the Bentobox are safe from attacks.
In the meantime, users and liquidity providers who were affected by the attack have been advised to watch out for fake websites and scams. Yearn Finance has also urged its community to remain vigilant and to report any unsavory activities to the appropriate authorities.
Conclusion
The vulnerability in the iEarn USDT token contract that caused the recent attack on Yearn Finance highlights the importance of security in the DeFi ecosystem. It is essential for DeFi protocols to put in place appropriate measures to make sure their platforms are secure from future attacks. As the industry continues to grow, so does the threat of malicious activity, which underlines the need for greater security.
FAQs
1. How did Yearn Finance get hacked?
Yearn Finance was hacked through a vulnerability that was left in the iEarn USDT token contract. This vulnerability was used to exploit multiple Curve pools.
2. What measures is Yearn Finance taking to prevent future attacks?
Yearn Finance is set to roll out new security measures, which include integrating Sushiswap’s Bentobox framework with the forthcoming V2 Vaults. The move is expected to improve the overall security of the protocol by ensuring that the tokens kept under custody by Yearn in the Bentobox are safe from attacks.
3. Are users and liquidity providers affected by the attack safe?
Users and liquidity providers who were affected by the attack have been advised to watch out for fake websites and scams. Yearn Finance has also urged its community to remain vigilant and to report any unsavory activities to the appropriate authorities.