Attacker Drains $11 Million In DAI from Yearn Finance Vault

Tokens worth $2.8 million were taken by an attacker who exploited a Yearn Finance vault on February 4th; in total, $11 million was drained from the v1 yDAI vault.

The attack used an Aave flash loan to drain the vault, chaining more than 160 nested transactions to carry out the exploit. The gap between the $11 million the vault lost and the $2.8 million the attacker kept was consumed by fees paid along the way.

The popular DeFi yield farming project’s official Twitter account announced the attack by stating: “We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.”

A vulnerability disclosure report was published the next day on the project's official GitHub, giving further details on the attack and on how the exploit was carried out.

Getting Into the Yearn Vault

According to the report, Yearn's security team and multi-sig wallet signers stopped the attack while it was still underway, only 11 minutes after it had been reported, saving more than two thirds of the vault's total deposits (about $35 million).

The suspicious activity by a contract was reported by Andre Cronje at 21:45 (UTC). It was later identified as an exploit that worked by deliberately unbalancing the exchange rate between the stablecoins in the pool the vault's strategy deposits into, so that the yDAI vault deposited at an unfavorable rate, and then reversing the imbalance to capture the difference.

After repeating this process in 11 transactions over 38 minutes, the attacker extracted $2.8 million from the vault before Yearn's team mitigated the attack.

The security team's report identified three factors that contributed to the exploit: a loose slippage protection value, a withdrawal fee set to zero, and the fact that the vault was a v1 vault.
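The following toy model, added here to illustrate the mechanism described above and not code from Yearn or from the disclosure report, shows why the slippage value matters: an attacker front-runs a vault deposit by flooding a two-stablecoin pool with flash-loaned DAI, the vault deposits at the distorted rate, and the attacker unwinds. A constant-product pool (x*y = k, no swap fees) stands in for the real pool, single-sided deposits are priced at the pool's spot rate, and the "fair rate" of one share per DAI is this model's assumption; all names (`Pool`, `vault_earn`, `sandwich`, `run_scenario`) are invented.

```python
"""Toy deposit sandwich against a vault with a configurable slippage limit.

Constructed example: a two-stablecoin constant-product pool (x*y = k, no swap
fees) stands in for the real pool, and single-sided deposits are credited at
the pool's spot price. Fractions keep the arithmetic exact, so the numbers
produced are not rounding artefacts. All names here are invented.
"""
from __future__ import annotations

from dataclasses import dataclass
from fractions import Fraction
from typing import Optional, Tuple

# Model assumption: one LP share per DAI when the pool is balanced and both
# stablecoins are worth $1. This is the vault's reference rate, not the real
# pool's formula.
FAIR_SHARES_PER_DAI = Fraction(1)


class SlippageExceeded(Exception):
    """Raised when a deposit would mint fewer shares than the vault tolerates."""


@dataclass
class Pool:
    dai: Fraction
    usdc: Fraction
    lp_supply: Fraction

    def spot_dai_price(self) -> Fraction:
        # Marginal price of 1 DAI in USDC: 1 when balanced, below 1 when DAI-heavy.
        return self.usdc / self.dai

    def swap_dai_for_usdc(self, dai_in: Fraction) -> Fraction:
        k = self.dai * self.usdc
        new_dai = self.dai + dai_in
        usdc_out = self.usdc - k / new_dai
        self.dai, self.usdc = new_dai, self.usdc - usdc_out
        return usdc_out

    def swap_usdc_for_dai(self, usdc_in: Fraction) -> Fraction:
        k = self.dai * self.usdc
        new_usdc = self.usdc + usdc_in
        dai_out = self.dai - k / new_usdc
        self.dai, self.usdc = self.dai - dai_out, new_usdc
        return dai_out

    def quote_deposit_dai(self, amount: Fraction) -> Fraction:
        # Shares for a single-sided DAI deposit, valued at the current spot price.
        # A DAI-heavy pool prices DAI below $1, so the depositor is short-changed.
        pool_value = self.dai * self.spot_dai_price() + self.usdc
        return self.lp_supply * (amount * self.spot_dai_price()) / pool_value

    def deposit_dai(self, amount: Fraction) -> Fraction:
        minted = self.quote_deposit_dai(amount)
        self.dai += amount
        self.lp_supply += minted
        return minted


def vault_earn(pool: Pool, amount: Fraction, max_slippage: Fraction) -> Fraction:
    """Hypothetical vault deposit step: refuse if shares fall short of the fair rate."""
    min_shares = amount * FAIR_SHARES_PER_DAI * (1 - max_slippage)
    quoted = pool.quote_deposit_dai(amount)
    if quoted < min_shares:
        raise SlippageExceeded(f"would mint {float(quoted):,.0f} < {float(min_shares):,.0f}")
    return pool.deposit_dai(amount)


def sandwich(pool: Pool, flash_dai: Fraction, vault_amount: Fraction,
             max_slippage: Fraction) -> Tuple[Optional[Fraction], Fraction]:
    """Front-run, vault deposit, back-run. Returns (vault shares or None, attacker profit)."""
    # 1. Flash-loaned DAI floods the pool, pushing the DAI price below $1.
    usdc_held = pool.swap_dai_for_usdc(flash_dai)
    try:
        # 2. The vault deposits at the manipulated rate, or reverts on slippage.
        shares: Optional[Fraction] = vault_earn(pool, vault_amount, max_slippage)
    except SlippageExceeded:
        shares = None
    # 3. Attacker reverses the imbalance; whatever exceeds the loan is profit.
    dai_back = pool.swap_usdc_for_dai(usdc_held)
    return shares, dai_back - flash_dai


def fresh_pool() -> Pool:
    # Balanced pool: 9.5M DAI, 9.5M USDC, one share per dollar of liquidity.
    return Pool(Fraction(9_500_000), Fraction(9_500_000), Fraction(19_000_000))


def run_scenario(max_slippage_bps: int) -> Tuple[Optional[Fraction], Fraction]:
    """Sandwich a 1M DAI vault deposit with a 500k DAI flash loan at the given slippage limit."""
    return sandwich(fresh_pool(), Fraction(500_000), Fraction(1_000_000),
                    Fraction(max_slippage_bps, 10_000))


def honest_deposit_shares() -> Fraction:
    """Shares the vault receives for 1M DAI when nobody manipulates the pool."""
    return fresh_pool().deposit_dai(Fraction(1_000_000))


if __name__ == "__main__":
    print("honest deposit shares:", honest_deposit_shares())
    for label, bps in (("loose limit (10%)", 1000), ("tight limit (1%)", 100)):
        shares, profit = run_scenario(bps)
        print(f"{label}: vault shares={shares}, attacker profit={profit} DAI")
```

With the loose 10% limit the vault accepts 950,000 shares for 1,000,000 DAI and the attacker walks away with exactly the 50,000 DAI shortfall after repaying the loan; with a 1% limit the deposit reverts, the attacker unwinds for zero gain, and the only cost is the flash-loan and gas overhead the toy omits. In the real pool the check should compare against a manipulation-resistant reference (such as the pool's virtual price) rather than the spot rate the attacker controls.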

The Controversy Around Tether’s Decentralization

Tether Ltd., the company behind the stablecoin Tether (USDT), announced on February 5th that it had frozen part of the funds stolen from Yearn Finance, reducing the loss by $1.7 million. This move by Tether will effectively prevent the attacker…
