$11 Million Drained Out of Yearn Finance in a Flash Loan Exploit

Yearn.Finance, one of the popular decentralized finance (DeFi) platforms, has suffered a massive attack on one of its DAI lending pools on late Thursday that resulted in the total loss of $11 million, the protocol confirmed on social media.

We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.

— yearn.finance (@iearnfinance) February 4, 2021

The attacker used an Aave flash loan to trigger the vault draining. While the protocol lost $11 million from its compromised vault, the attacker managed to get away with only $2.8 million.

“Attacker got away with 2.8m, dai vault lost 11.1m,” Yearn team posted on Discord.

The team is now investigating the breach and, as a precautionary measure, suspended all deposits onto its V1 DAI, USDC, USDT and TUSD.

Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate. pic.twitter.com/1RWYyu0d5m

— banteg (@bantg) February 4, 2021

Yearn developer Banteg further shared that the hacker stole 513,000 DAI, $1.7 million in USDT and the rest in CRV tokens.

Aave Founder, Stani Kulechov detailed that the attacker used a complex 160 nested transactions across multiple DeFi platforms and spent $5,000 in gas fees for the attack.

Interestingly, more than $3 million in the compromised DAI ended up in a Liquidity Liquidity The term liquidity refers to the process, speed, and ease of which a given asset or security can be converted into cash. Notably, liquidity surmises a retention in market price, with the most liquid assets representing cash.The most liquid asset of all is cash itself.· In economics, liquidity is defined by how efficiently and quickly an asset can be converted into usable cash without materially affecting its market price. · Nothing is more liquid than cash, while other assets represent The term liquidity refers to the process, speed, and ease of which a given asset or security can be converted into cash. Notably, liquidity surmises a retention in market price, with the most liquid assets representing cash.The most liquid asset of all is cash itself.· In economics, liquidity is defined by how efficiently and quickly an asset can be converted into usable cash without materially affecting its market price. · Nothing is more liquid than cash, while other assets represent Read this Term pool of DeFi lending platform, Curve.

Complex exploit with over 160 nested transactions transactions and 8,6 mm gas used (around 75% of the block) resulted to 2.7 mm USD loss ? https://t.co/WdqMGTuBQF https://t.co/MoaZIfGKGa

— stani.eth ? v2 is live ? (@StaniKulechov) February 4, 2021

A Popular DeFi Platform

Yearn.Finance is one of the major DeFi protocols with a total locked-in value of little less than $500 million, according to DeFi Pulse. The platform got popular last year among yield farmers as it always enables depositors to recoup all their Yield Yield A yield is defined as the earnings generated by an investment or security over a particular time period. This is in typically displayed in percentage terms and is in the form of interest or dividends received from it.Yields do not include the price variations, which differentiates it from the total return. As such, a yield applies to various stated rates of return on stocks, fixed income instruments such as bonds, and other types of investment products.Yields can be calculated as a ratio or as a A yield is defined as the earnings generated by an investment or security over a particular time period. This is in typically displayed in percentage terms and is in the form of interest or dividends received from it.Yields do not include the price variations, which differentiates it from the total return. As such, a yield applies to various stated rates of return on stocks, fixed income instruments such as bonds, and other types of investment products.Yields can be calculated as a ratio or as a Read this Term in the token they initially deposited.

Furthermore, YFI token, the governance token of the platform, suffered after the attack and has dropped 15 percent after the news of the attack become public.