Misconfigured yUSDT results in $11.6m Exploit for Yearn Finance - Hack analysis


As the decentralized finance (DeFi) ecosystem grows, ensuring security and preventing hacks remain significant concerns. An early version of the Yearn Finance protocol recently experienced an exploit leading to a substantial loss of $11.6 million. This article will discuss the exploit, its root cause, and the importance of vigilance in the ever-evolving world of DeFi.

The Exploit and Root Cause

The hacker took advantage of a misconfigured Yearn Finance USDT token (yUSDT). The yUSDT token was mistakenly configured to use the Fulcrum iUSDC token instead of the intended Fulcrum iUSDT token. By exploiting this misconfiguration, the attacker managed to mint 1.2 quadrillion yUSDT from just $10,000, which they then exchanged for other stablecoins. The losses amounted to $11.6 million, with the hacker obtaining a mix of stablecoins, including DAI, USDC, BUSD, TUSD, and USDT.

Aave V1's Involvement

The attacker used Aave V1 to execute a series of swaps, but the Aave team clarified that their protocol was not exploited. Aave CEO Stani Kulechov confirmed that Aave V1 was not impacted, and it was further emphasized that the root cause was the misconfigured yUSDT, not Aave.

Breakdown of the Attack

1. The hacker funded the attack with 10 ETH through TornadoCash on 11-04-2023 17:56:11 in this transaction:

https://etherscan.io/tx/0x8b3c6f46f0d52787d8ded61549237df4e22cda56aa785c09b6166491aa64d829… 

The transaction was detected by the Cyvers platform.

2. The hacker created a malicious smart contract on 13-04-2023 04:00:35, which was also detected by the Cyvers system.

3. After 1 hour 52 minutes, the hacker called the malicious contract on 13-04-2023 05:52:35 and executed the hack, which was again detected by the Cyvers system. The hacker's steps included repaying several Aave USDT loans, rebalancing the yUSDT token, and invoking the Curve y Swap with significantly imbalanced share prices.

4. After monopolizing the entire pool by depositing USDT, the hacker swapped the incorrectly priced yUSDT on Curve's y Swap to acquire large amounts of stablecoins. The hack resulted in a loss of almost $11M in stablecoins.

The Cyvers system detected the funds lost per asset, the alerts, and the transaction hashes involved in the attack. Again, the hack was executed 1 hour and 52 minutes after the deployment of the malicious smart contract, causing the loss of nearly $11 million in stablecoins, which could have been prevented. The 1 hour and 52 minute prevention time frame is from the funding of the initial attack.
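The three on-chain events in the breakdown above (mixer funding, contract deployment, first call to that contract) can be chained into one stateful detection rule. The Python below is an added example, not Cyvers' detection logic and not code from the original article; the event tuple format and every address are constructed placeholders, and only the timestamps are the ones quoted in the article.

```python
from datetime import datetime

# Constructed sample events: (timestamp DD-MM-YYYY, kind, source, destination).
# Timestamps of the three flagged events are those quoted in the article;
# every address is a made-up placeholder, not an on-chain value.
MIXERS = {"0xMIXER_PLACEHOLDER"}
EVENTS = [
    ("11-04-2023 17:56:11", "transfer", "0xMIXER_PLACEHOLDER", "0xEOA_PLACEHOLDER"),
    ("12-04-2023 09:00:00", "transfer", "0xUSER_A", "0xUSER_B"),  # benign noise
    ("13-04-2023 04:00:35", "create", "0xEOA_PLACEHOLDER", "0xCONTRACT_PLACEHOLDER"),
    ("13-04-2023 05:52:35", "call", "0xEOA_PLACEHOLDER", "0xCONTRACT_PLACEHOLDER"),
]


def parse_ts(s):
    return datetime.strptime(s, "%d-%m-%Y %H:%M:%S")


def detect(events, mixers):
    """Return (alerts, seconds between flagged deployment and its first call)."""
    tainted = {}   # address -> time it received funds from a mixer
    watched = {}   # contract -> time it was deployed by a tainted address
    alerts, window = [], None
    for ts, kind, src, dst in sorted(events, key=lambda e: parse_ts(e[0])):
        t = parse_ts(ts)
        if kind == "transfer" and src in mixers:
            tainted[dst] = t
            alerts.append((ts, "mixer-funded address", dst))
        elif kind == "create" and src in tainted:
            watched[dst] = t
            alerts.append((ts, "contract deployed by mixer-funded address", dst))
        elif kind == "call" and dst in watched and window is None:
            # Time a responder had between the deployment alert and execution.
            window = int((t - watched[dst]).total_seconds())
            alerts.append((ts, "first call to watched contract", dst))
    return alerts, window


if __name__ == "__main__":
    alerts, window = detect(EVENTS, MIXERS)
    for alert in alerts:
        print(*alert, sep=" | ")
    print("seconds between deployment and first call:", window)
```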

The Importance of Proactive Security

With the growing prevalence of hacks and exploits in the blockchain ecosystem, proactive security measures such as anomaly detection are crucial to safeguard the integrity and security of Web3. By monitoring the blockchain in real time, security platforms can detect anomalies within an actionable timeframe and prevent hacks from occurring. Yearn Finance could have prevented the attack if they had been using our hack detection system. This is exactly the value of proactive security.

As the DeFi ecosystem continues to grow, it's crucial to prioritize proactive security to prevent such exploits in the future. By implementing real-time monitoring and leveraging innovative security solutions, the Web3 community can build a more resilient and trustworthy ecosystem that attracts new users and enables a decentralized future.
