A hacker took advantage of an outdated contract from Yearn Finance, a DeFi platform, and stole $11.6 million in stablecoins on Thursday. By exploiting a code vulnerability, the attacker created a quadrillion yUSDT stablecoins and exchanged them for other stablecoins, such as USDP, TUSD, BUSD, USDT, USDC, and DAI.
DeFi platforms have experienced multiple hacking attacks, and Yearn Finance is just one of the victims. This hack shows the importance of regularly auditing and updating smart contracts to prevent similar incidents.
The hacker transferred the funds to other DeFi platforms like Aave, where they locked 1.5 million TUSD as collateral to borrow 634 Ether worth $1.26 million. The address has already sent at least 1,000 Ether to Tornado Cash, a mixing service that was recently sanctioned by the U.S. Treasury, PeckShiled Reported.
According to Chainalysis, hackers stole at least $3.8 billion in cryptocurrencies in 2022, with DeFi platforms experiencing over 82% of the losses. This demonstrates the need for improved security measures in the DeFi space.
The Yearn Finance hack is a stark reminder that the DeFi space is not immune to cyberattacks. Developers, regulators, and users must work together to maintain up-to-date and secure smart contracts and implement robust security measures like regular security audits, code reviews, and bug bounties to prevent and mitigate hacking attacks. While the DeFi space has exciting new opportunities in finance, it also poses new risks that need to be addressed to ensure a safe and secure environment for all.