According to blockchain security firm PeckShield, Aave and Yearn Finance are the latest DeFi protocols targeted by exploiters.
Aave’s version 1 remained unaffected, while versions 2 and 3 were not impacted. The team behind the lending protocol is monitoring the situation, and the oldest version has been frozen since December 2022.
- Lookonchain’s data suggest that the exploiter may have managed to rake in more than $10 million in stablecoins DAI, USDC, BUSD, USDT, and TUSD.
- PeckShield clarified that the root cause is due to misconfigured yUSDT, not related to Aave.
“It appears the root cause is due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT. The huge yUSDT is then cashed out by swapping to other stablecoins..”
- Aave Chan creator Marc Zeller, in a tweet, said the issue is unlikely but not impossible since no user can deposit or increase borrow size.
- Zeller further revealed that the current size of V1 is $18 million, while the current size of the Aave safety module stands at $382.50 million.
- This year has seen stories of hacks and exploits regularly making headlines. In March alone, cybercriminals stole $211.5 million worth of cryptocurrencies via 26 attacks.
- Earlier this week, $3.3 million in ETH was drained from SushiSwap’s approval contract.
UPDATE: The title has been revised to reflect additional information that Aave version 1 was NOT impacted.
