Yearn.Finance, one of the most popular projects in the decentralized finance (DeFi) sector, has just announced one of its vaults has been attacked and has lost $11M in assets. The project's developers have reported through the company's official Twitter account that the v1 yDAI vault has been affected and that the exploit has been mitigated. Later, the lead developer of Yearn.Finance, known as banteg, has added:
"Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate."
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.
Yearn.Finance allows users to deposit assets into pools or vaults, from where they are then distributed through other DeFi protocols to earn money on interests.
DeFi Aave platform founder Stani Kulechov has pointed to the attacker's transaction, which involved the use of multiple DeFi protocols and amounted to more than $5,000 in processing fees:
"Complex exploit with over 160 nested transactions transactions and 8,6 mm gas used (around 75% of the block) resulted to 2.7 mm USD loss."
In particular, a flash lending function of the Aave protocol was used, which allows to receive an unlimited amount of assets without collateral, provided that they are returned in the same block. Investor Julien Thevenard also noted that as a result of this operation, the Curve Finance protocol stakers earned $3.5M.