As DeFi hacks continue to plague the cryptocurrency industry, PeckShield, blockchain security firm reports that Aave and Yearn Finance are the latest protocols to be targeted by exploiters.
Aave’s version 1 was impacted, while versions 2 and 3 remained unaffected. The oldest version has been frozen since December 2022, and the team behind the lending protocol said it is monitoring the situation. Yearn Finance has not provided any details regarding the extent of the exploit.
PeckShield clarified that the root cause is due to misconfigured yUSDT, not related to Aave. ‘It appears the root cause is due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. The huge yUSDT is then cashed out by swapping to other stablecoins,’ PeckShield said.
“The exploiter may have made over $10 million in stablecoins DAI, USDC, BUSD, USDT, and TUSD” according to Lookonchain’s data.
“Aave Chan creator Marc Zeller said the issue is unlikely but not impossible. V1’s current size is $18 million while the Aave safety module stands at $382.50 million.”
This year has seen a surge in stories of hacks and exploits in DeFi protocols. In March alone, cybercriminals stole $211.5 million worth of cryptocurrencies via 26 attacks. Earlier this week, $3.3 million in ETH was drained from SushiSwap’s approval contract.”
Disclaimer: This is a developing story and will be updated.
