Sunday, February 5, 2023
  • Login
198 Crowd Funding News
No Result
View All Result
  • HOME
  • VIDEO
  • CROWD SUPPORT
  • ARTICLES
  • NEWS
  • BLOG
  • ADS
  • CROWDFUNDING SOURCES
  • BOOKS
  • SPONSORSHIPS
  • CONTACT
  • HOME
  • VIDEO
  • CROWD SUPPORT
  • ARTICLES
  • NEWS
  • BLOG
  • ADS
  • CROWDFUNDING SOURCES
  • BOOKS
  • SPONSORSHIPS
  • CONTACT
No Result
View All Result
198 Crowd Funding News
No Result
View All Result
Home Crowdfunding News

DeFi Platform Yearn.Finance’s DAI Vault Suffers Major Exploit, Hack Leads to $11 Million in Value Drained from Platforms

February 6, 2021
in Crowdfunding News
0
Share on FacebookShare on TwitterShare on Email

[ad_1]

On Thursday (February 4, 2021), an unknown entity reportedly stole $2.8 million from a shared digital or online vault via the investment platform Yearn.Finance. The hacker(s) exploited the vault using Aave, a decentralized finance (DeFi) platform that lets investors make flash loans. These DeFi solutions mainly work by providing a rapid borrowing and repaying of money without the need for putting up collateral.

The team at Yearn.Finance has released a detailed post-mortem report regarding the recent exploit. Tether Ltd, the world’s largest stablecoin issuer, has also frozen $1.7 million in USDT that was allegedly involved in this security breach, Tether CTO Paolo Ardoino confirmed.

The Yearn.Finance team had first confirmed that they had suffered an exploit in one of their stablecoin DAI lending pools.  Then at 5:14 p.m. ET, banteg from the Yearn.Finance team, had posted in their Discord channel that the attacker “got away with 2.8m, dai vault lost 11.1m.”

An Aave flash loan had been issued in order to trigger the vault draining, according to an Ethereum address that may be linked with the attack. Notably, Yearn.Finance is one of the leading DeFi platforms and has now become well-known for enabling depositors to recover all their yield or returns from tokens they’ve deposited. Yearn had performed updates to its vaults, however, just like many other smart contract platforms, the prior smart contracts have persisted.

DeFi Pulse data shows that Yearn has just over $480 million worth of assets locked in its contracts. On version 1 of the DeFi platform, many of Yearn’s lending pools have consistently been earning annual yields of more than 20%.

Users active on Yearn’s Discord and Telegram channels had initially reported the hacking incident and related drains on Thursday (February 4, 2021) afternoon. At around 4:38 p.m. ET in the Yearn Discord server, Jeffrey Bongos had asked whether people knew why the v1Dai vault had been showing that they’ve lost a large amount of Dai in a few minutes. And just after 5 p.m. ET, the front end of the v1 DAI vault on Yearn’s website had been displaying a loss of over 1,000%.

Yearn’s YFI governance token saw its price plummet to $4,000 following the security breach but the token is trading at above $31,000 at the time of writing. The price drop appeared to have come after the exploit became known to the general public (which was when the UniWhales Twitter account had reported a major sale of YFI for ETH).

1 million + $YFI swaps to ETH a few minutes ago.👀👀 pic.twitter.com/RtAAN90s2n

— UniWhales DAO (@uniwhalesio) February 4, 2021

The vault attacked was reportedly Yearn’s v1 DAI vault, which had updated to a new investment strategy in January 2021.

The vault’s strategy when the attack took place was to deposit all funds into the “3pool” on the automated market maker Curve which holds various stablecoins including DAI, USDT and USDC, and lets platform users swap any of these digital assets for each other at really low slippage.

Michael Egorov, CEO at Curve, had explained that a bad actor had deposited to Curve 3pool in order to manipulate the DAI price provided by the pool.

The vault had somehow depended on the DAI price provided by this pool. Then the contract had been withdrawn following the exploit and repeated numerous times taking flash-borrowed funds, Egorov added. He explained that this is a well-documented problem which could potentially be seen in other protocols such as Uniswap, but the leading ERC-20 token exchange is not used as frequently for yield farming purposes.

Egorov added that he has conveyed his views regarding this issue to the team at Yearn.Finance and how this problem may be prevented along with other similar exploits. However, he acknowledged that he had not expected them to make this type of mistake when writing the code.

As summarized in the post-mortem report:

“An exploit against Yearn’s v1 yDAI vault has led to 11m DAI of vault deposits being lost. Acting in roughly 11 minutes, Yearn’s security team and multi-sig wallet signers were able to stop the exploit while it was underway, saving 24m DAI out of the vault’s total 35m DAI deposits. By creating exchange rate imbalances in Curve’s 3pool, an exploiter was able to cause Yearn’s yDAI vault to deposit and withdraw funds from 3pool at unfavorable rates across a series of transactions.”

The report further noted:

“The exploiter profited from the loss by holding a good portion of the Curve 3pool during the attack, and withdrawing to a combination of USDT, DAI, and ETH. It is estimated to have resulted in a 2.7m DAI profit.”

It’s worth noting that even though the attacker stole Yearn valued at $11 million, it took large amounts in fees for them to carry out the exploit. They were “only” able to make $2.7 million in profits, while the liquidity pool fees and staker fees during the hack came to $3.5 million each. Aave v2 fees were around $1.4 million.



[ad_2]

Source link

Tags: DAIDeFiDrainedExploitHackLeadsMajorMillionPlatformPlatformsSuffersVaultYearnFinances
ShareTweetSend

Related Posts

Crowdfunding News

Learning To Play Piano Is Made Easy With PopuPiano

June 3, 2022
Crowdfunding News

Solana Teaches Crypto Investors a Critical Lesson

June 3, 2022
Crowdfunding News

Caught naked!? | Crowdability

June 2, 2022
Crowdfunding News

EP #395 The Formula Nebia Towel Used To Raise $167,750 On Kickstarter

June 2, 2022
Crowdfunding News

News Fix: Startups Face a Souring Economy, SpaceX Skyrockets to $125 Billion

June 1, 2022
Crowdfunding News

Top 5 Crowdfunding Campaigns – May 2022

June 1, 2022
Load More
Next Post

Jeffrey Amico, Counsel at Andreessen Horowitz, Comments on VC Firm's Views Regarding Crypto Protocols and Decentralized Governance

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

LATEST STORIES

Between Music – Crowdfunding video

June 5, 2022

Attacking A Market Failure With Candice Matthews Brackeen

June 5, 2022

Crowdfunding video – Kabeção 1st solo Album – Touching Souls

June 5, 2022

The Gecko – Failure is not an option

June 5, 2022

Roller Kingdom Crowdfunding Video

June 4, 2022

Introduction – Art of Failure with Eli Zelkha

June 4, 2022

Radbahn Crowdfunding Video + Fast Forward Science 2017 Film

June 4, 2022

Jorge Newbery at Failure Lab

June 4, 2022

Outland Denim Equity Crowdfunding Video

June 4, 2022

What I learned about Failure, Loneliness, and Red Lizard at the Spark Fest Cebu

June 4, 2022
Load More
198 Crowd Funding News

Own and operated by The Ike Lemuwa Group, LLC a Commonwealth of Virginia Limited Liability Company, USA.
Info@nigeriasmartnews.com / info@ikelemuwagroup.com
Toll-Free: 1 888 642 8433
3821 Dominion Drive Dumfries, Virginia, 22026. USA

Categories

  • Home
  • Crowdfunding News
  • Blog
  • Articles
  • Sponsorship
  • Crowd Support
  • Crowdfunding Sources
  • Partner with 198TILG Mastermind Platinum Group
  • Video

Recent News

  • Between Music – Crowdfunding video
  • Attacking A Market Failure With Candice Matthews Brackeen
  • Crowdfunding video – Kabeção 1st solo Album – Touching Souls
  • The Gecko – Failure is not an option
  • Roller Kingdom Crowdfunding Video
  • Home
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact

Copyright © 2021 198 Crowdfunding News.

No Result
View All Result
  • HOME
  • VIDEO
  • CROWD SUPPORT
  • ARTICLES
  • NEWS
  • BLOG
  • ADS
  • CROWDFUNDING SOURCES
  • BOOKS
  • SPONSORSHIPS
  • CONTACT

Copyright © 2021 198 Crowdfunding News.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In