$11 Million Drained Out of Yearn Finance in a Flash Loan Exploit

The attacker managed to get away with $2.8 million in crypto.

Yearn.Finance, one of the popular decentralized finance (DeFi) platforms, has suffered a massive attack on one of its DAI lending pools on late Thursday that resulted in the total loss of $11 million, the protocol confirmed on social media.

The attacker used an Aave flash loan to trigger the vault draining. While the protocol lost $11 million from its compromised vault, the attacker managed to get away with only $2.8 million.

“Attacker got away with 2.8m, dai vault lost 11.1m,” Yearn team posted on Discord.

The team is now investigating the breach and, as a precautionary measure, suspended all deposits onto its V1 DAI, USDC, USDT and TUSD.

Yearn developer Banteg further shared that the hacker stole 513,000 DAI, $1.7 million in USDT and the rest in CRV tokens.

Aave Founder, Stani Kulechov detailed that the attacker used a complex 160 nested transactions across multiple DeFi platforms and spent $5,000 in gas fees for the attack.

Interestingly, more than $3 million in the compromised DAI ended up in a liquidity pool of DeFi lending platform, Curve.

A Popular DeFi Platform

Yearn.Finance is one of the major DeFi protocols with a total locked-in value of little less than $500 million, according to DeFi Pulse. The platform got popular last year among yield farmers as it always enables depositors to recoup all their yield in the token they initially deposited.

Furthermore, YFI token, the governance token of the platform, suffered after the attack and has dropped 15 percent after the news of the attack become public.

Got a news tip? Let Us Know