The decentralized lending protocols Yearn and Aave were hacked after hackers managed to find a vulnerability in the yUSD token. The attackers took out more than $10 million in stablecoins and closed the loans of all users of the platform.
A bug in the yUSD token smart contract cost the Aave and Yearn Finance protocols $10 million About this on his Twitter reported cryptosecurity company PeckShield.
According to preliminary estimates, after the hack, the hackers withdrew around $3 million in DAI, more than $2.5 million in USDC, nearly $1.8 million in BUSD, $1.5 million in TUSD, and $1.1 million in USDT. At the same time, to cheat the protocol, they only needed to spend $10,000 – the vulnerability made it possible to mine 1.2 billion tokens.
Twitter user Marc Zeller also discoveredthat hackers closed all loans taken in USDT on the Aave protocol thanks to the ability to repay other people’s loans. Thus, users of the service not only did not lose, but even gained from this trick, because their loans were suddenly paid off.
Aave representatives ask the community not to panic and give developers time to assess the damage. However, it is already safe to say that the breach of the two protocols has become one of the largest in 2023.
Author:
Grigory Shcheglov
Source: RB
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
