Decentralized finance (DeFi) protocol Yearn Finance was exploited this morning, leading to millions of dollars in losses for holders of various stablecoins. Security firm PeckShield tweeted that a bug in a token issued by Yearn Finance caused the exploit, resulting in over $11 million in losses.
The affected stablecoins include dai (DAI), tether (USDT), USD Coin (USDC), Binance USD (BUSD), and TrueUSD (TUSD). The exploiters were able to mint over 1.2 quadrillion yUSDT using an initial deposit of $10,000, which was then used to trick Yearn Finance’s protocol and cash out millions in stablecoins.
Root Cause and Aave’s Involvement
Initially, the exploit was thought to affect Aave version 1; however, Aave developers confirmed that the protocol was unaffected and was only used to swap tokens in the course of the exploit. PeckShield confirmed that the root cause of the exploit was a misconfigured yUSDT and was not related to Aave.
Limited Impact on Aave
According to Aave integrations lead Marc Zeller, the impact on the protocol was limited because version 1 has been frozen since December 2022. Zeller added that the current size of version 1 is $18 million, while the current size of the Aave safety module is $382.50 million. Zeller also stated that version 2 and version 3 of Aave were not impacted.
This exploit highlights the risks associated with DeFi protocols and the importance of ensuring that tokens are properly configured. While Aave was not directly impacted, the incident serves as a reminder of the importance of implementing security measures in DeFi protocols to prevent such incidents from occurring in the future.
The losses suffered by stablecoin holders also underscore the importance of conducting due diligence and being aware of the potential risks associated with investing in DeFi protocols.