Yearn Finance recently tweeted that its v1 yDAI Vault got hacked. A part of the deposits, worth $11 million, got lost. The attack helped the hackers to acquire a total of $28 million.
A Detailed Look on the Yearn Finance Breach
The breach was stopped by the Yearn Finance security team 38 minutes from its onset. As investigations were going on, Yearn Finance put deposits on several vaults on hold.
One of Yearn Finance’s core developers, Banteg, reported that the method used to hack the system appears to be a flash loan attack. A flash loan happens when DeFi assets are loaned out and paid back almost immediately without collateral.
According to Banteg’s report, the hackers manipulated the protocol by unbalancing exchange rates on Curve’s 3pool. They then proceeded to make deposits and withdrawals at mind-blowing rates from the 3pool eleven times.
A Sudden Blockchain Loophole Found
Andre Cronje, the Yearn Finance creator, noticed the attack was taking place on Thursday at around 2145hrs (UTC). He then mobilized Yearn Finance’s security team that neutralized the attack in a time of eleven minutes.
Following how fast the team eradicated the attack, about 24m out of the 35m DAI got saved. The attacker made away with a profit of 2.7m DAI. The hack’s mitigation happened when the security team applied a command that disabled deposits on the DAI vault. Additionally, deposits on other vaults on the network, including USDC, USDT, and TUSD, were disrupted as a precaution.
For the past few weeks, Blockchain networks have seen several attacks that have seen many platforms count massive losses. According to blockchain security watch Slowmist, Yearn Finance’s attack becomes the second hacking incident this month. Slowmist has recorded a total of 374 hacks across several digital asset networks.
The blockchain security monitoring firm has recorded an eye-widening total of $14 billion worth of assets lost due to blockchain hacks. The figure could signal that there is a need to reconsider how blockchain security might be vulnerable.
The ‘Assurance’ of Blockchain Security
Once an unhackable technology, blockchain is now facing severe attacks that lead to losses worth billions of dollars. Flash loan attacks, 51% attacks are some of the blockchain security problems yet to be solved entirely. It proves that the use of blockchain does not mean one’s funds are safe.
Late last year, US federal authorities seized approximately $1 billion worth of stolen crypto. The amount was gotten from the previously shut down Silk Road black market. A massive number of stolen crypto is yet to be recovered, and probably hackers have already put the crypto into circulation.