Investigating the Attack on Yearn Finance: Progress Report
On April 14th, it was reported that Yearn Finance posted on Twitter the progress of the investigation into the attack, stating that as previously stated, the root cause of the atta
On April 14th, it was reported that Yearn Finance posted on Twitter the progress of the investigation into the attack, stating that as previously stated, the root cause of the attack on Yearn was a vulnerability left in the iEarn USDT (yUSDT) token contract. This vulnerability exists in multiple versions and leads to multiple Curve pools (y, busd, pax) being exploited and exhausted. The liquidity providers who deposit LP tokens into downstream protocols are still affected, including users who encapsulate the Yearn v2 vault (2) and the old version v1 vault (2) of these affected LPs. In previous tweets, Year stated that the current version of Year v2 Vaults is not affected.
Year: The vulnerability in yUSDT token contract exists in multiple versions, and the liquidity providers of downstream protocols are still affected
Yearn Finance, a decentralized finance (DeFi) protocol, has been under attack since February 2021. On April 14th, the team posted a progress report on Twitter about the investigation into the attack. The report revealed that the root cause of the attack was a vulnerability in the iEarn USDT (yUSDT) token contract. In this article, we will explore the details of the attack, its impact on Yearn Finance, and the progress made in its investigation.
Background of Yearn Finance
Before diving into the attack, it’s important to understand what Yearn Finance is and how it operates in the DeFi space. Yearn Finance is a yield aggregator that helps users find the highest yield for their investments. It does this by automatically moving funds between different DeFi protocols to find the most profitable opportunity.
The platform has gained a lot of attention and popularity in recent times due to its innovative approach to yield farming. Its native token, YFI, has also gained significant value, making it a prime target for attackers.
The Attack on Yearn Finance
The attack on Yearn Finance started on February 4th, 2021, when the team noticed significant losses on some of its vaults. The attackers exploited a vulnerability in the iEarn USDT (yUSDT) token contract, allowing them to manipulate the prices of certain tokens and drain the liquidity from the affected pools.
The attack affected multiple Curve pools (y, busd, pax), causing significant losses for liquidity providers who deposited LP tokens into these pools. Additionally, users who encapsulate the Yearn v2 vault (2) and the old version v1 vault (2) of these affected LPs were also affected.
Impact of the Attack
The attack resulted in massive losses for Yearn Finance and its users. The team estimates that the attacker was able to drain around $11 million, which is a significant amount considering the value of the funds involved. The attack also had a negative impact on the overall market sentiment towards DeFi protocols.
However, the team acted quickly and was able to contain the damage by pausing the affected vaults and implementing new security measures to prevent further attacks. They also launched an investigation to determine the root cause of the attack and find ways to prevent similar incidents in the future.
Progress in the Investigation
In the progress report posted on Twitter on April 14th, the team confirmed that the root cause of the attack was indeed the vulnerability in the iEarn USDT (yUSDT) token contract. They also revealed that the vulnerability exists in multiple versions of the contract, making it a widespread issue.
However, they also confirmed that the current version of Yearn v2 Vaults is not affected by the vulnerability. This is good news for users who have been using the platform since its inception and are concerned about the safety of their funds.
Conclusion
The attack on Yearn Finance was a wake-up call for the DeFi industry, highlighting the need for better security measures and more comprehensive auditing processes. The progress made in the investigation so far is reassuring, but it’s important to remain vigilant and continue exploring ways to improve the security of DeFi protocols.
FAQs
1. What is Yearn Finance?
Yearn Finance is a DeFi yield aggregator that helps users find the highest yield for their investments.
2. What was the root cause of the attack on Yearn Finance?
The root cause of the attack was a vulnerability in the iEarn USDT (yUSDT) token contract.
3. Has Yearn Finance taken any measures to prevent further attacks?
Yes, the team has implemented new security measures to prevent further attacks and is conducting an investigation to determine the root cause of the attack.
This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/14594/
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.
Recommended articles
-
What books to read for cryptocurrency trading (The Art of Trading Cryptocurrency)
What books to read for cryptocurrency trading? \”The Big Bang of Global Financial
-
##Animoca Brands Denies Lowering Fundraising Target Amid Crypto Market Turmoil
On March 25th, Animoca Brands, a Web3 game developer, denied any claim that it had lowered its fundraising target for the Meta Universe Fund by 20% to $800 million amid the turmoil
-
Table of Contents
On April 4th, it was reported that. bit recently discovered and analyzed the security risks associated with asset loss when using DID for asset trading. After recognizing these ser
-
Doubts Raised as Silicon Valley Bank’s Executives Sell Millions of Dollars Worth of Shares
It is reported that Becker, the chief executive of Silicon Valley Bank, has sold nearly US $30 million of shares in the past two years, triggering new doubts about the sale of shares by insiders of the bank. Becker sold $3.6 million worth of shares on February 27, and just a few days later, the bank disclosed a huge loss, which triggered the decline and collapse of the share price. According to Smart Insider, Becker has sold a total of 29.5 million shares in the past two years. Other executives of Silicon Valley Bank, including the chief marketing officer and chief financial officer, have also sold shares worth millions of dollars since 2021. The bank’s executives and directors have cashed out a total of $84 million worth of shares in the past two years. The executives of Silicon Valley Bank cashed out $84 million of shares in two years, raising doubts Analysis based on this information:The news that the chief…
-
What coin is tnb (tnb coin prospects)
tnb what currency According to btcmanager.com, tnb what currency is a distributed communication protocol based on blockchain. Its code name is “TnB”. It has some similarities with tsvr, because it is completely open source and runs on the smart contract platform of Ethereum. In addition, TNB can also operate through mining It is reported that “tnb” is a Cryptocurrency for point-to-point transmission and information sharing; TNB can be used for other activities that occur online, such as social media, games, and even government work TNB coin outlookTNB coin outlook analysis According to TokenInsight data, among the top 50 tokens in market value, TNb24 has increased by over 20% in 24 hours. Except Bitcoin, most other Cryptocurrency fell or stagnated, with ETH falling the most, 16.3%; The EOS increased by 18.5% (approximately 3.4%) In addition, according to CoinMarketCap statistics, tnb has increased by over 30% in the past week and is currently trading at $0.037. TNB is the first fully decentralized…
-
DigiFT Secures $10.5 Million Pre-A Financing Led by Shanda Group
It is reported that DigiFT, a decentralized digital asset exchange focusing on asset-backed securities (STO), announced the successful completion of the US $10…
-
OpenAI Goes Bolder with GPT-4
It is reported that OpenAI launched the GPT-4 text generation AI system. OpenAI launched GPT-4 text generation AI system Analysis based on this information:OpenAI, the world-renowned artificial intelligence research organization, is making headlines again with their latest offering, the GPT-4 text generation AI system. This non-profit company, co-founded by Elon Musk, aims to develop AI that will benefit humanity and has been doing so with great success. GPT-4, the fourth iteration of their popular text generation software, is the most advanced language model to date. In fact, it is the biggest language model ever created, with over 850 billion parameters, much more than its predecessor, the GPT-3, which had 175 billion parameters. This means it will be able to generate more sophisticated text, closer to human-like output. The primary purpose of GPT-4 is to be more personalised, adaptive and accurate in its responses to users. OpenAI states that GPT-4 will be able to understand complex language and nuances found in…
-
Mastercard Ventures into the Cryptocurrency Industry in EU and UK
It is reported that Bitcoin Magazine published an article on social media that Mastercard launched Bitcoin cards in the EU and the UK.
Mastercard launc…
-
Celsius Creditor Committee: The customer can submit proof of claim against any debtor before April 28th
According to reports, the Celsius Creditor Committee stated on social media that in a recent client claim ruling, Judge Glenn stated that clients can only file contractual claims i
-
What does “区块链atis” mean in English? (ACH Blockchain)
What does \”区块链atis\” mean in English? \”区块链atis\” means decentralized services base
-
What Does Mining Computing Power Mean (Mining Profitability Calculator)?
What does mining computing power mean? Simply put, it refers to obtaining a cer
-
Layer1 Public Chain Sei Network: Reaching 500,000 Independent Users Within a Week After Atlantic-2 Launch!
On March 28th, the Layer1 public chain Sei Network tweeted that it had more than 500000 independent users a week after testing the Atlantic-2 online line.
Sei Network: The Atlantic -
CoinRoutes Obtains US Patent for Enterprise Crypto Solution to Help Traders
On March 16th, it was announced that CoinRoutes, a crypto software as a service developer, has approved its latest enterprise transaction solution, “Distributed Cryptocurrency Smart Order Router with Cost Calculator”, or a US patent. The company’s latest product is designed to help traders navigate the crypto market. Wall Street veteran and CEO of CoinRoutes said that the design allows CoinRoutes to provide secure enterprise solutions for every customer. CoinRoutes “Distributed Cryptocurrency Smart Order Router” is approved by a US patent Analysis based on this information:CoinRoutes has announced the approval of its latest enterprise crypto solution, the “Distributed Cryptocurrency Smart Order Router with Cost Calculator,” a US patent. This highly anticipated product is aimed at helping traders navigate the crypto market more efficiently and securely. CoinRoutes is a well-known software company that specializes in developing technology solutions for the crypto industry. In this new venture, they have set out to create a tool that helps traders make informed decisions at every…
-
The Impact of EU’s Celsius on CZ and SushiSwap
12:00-21:00 Key words: EU, Celsius, CZ, SushiSwap
Overview of important developments in the evening of February 15
Interpretation of the news:
… -
What does tb mining mean (trb mining)?
What does tb mining mean? According to official sources, tb mining refers to tba
-
Fidelity, SEC, Twitter & StarkNet: A New Dawn For Crypto Investments
21:00-7:00 Keywords: Fidelity, SEC, Twitter, StarkNet
Overnight updates on April 4th at a glance
Cryptocurrencies have been around for more than a decade, but the last couple of ye