An older version of Yearn Finance protocol was hacked for $11.6 million on April 13 due to a vulnerability in Yearn’s USDT token, yUSDT. Initial reports suggested Aave was also exploited, but an Aave spokesperson told Decrypt that it was only used to swap an array of tokens. Aave’s founder Stani Kulechov also confirmed that the project was not directly impacted. Aave is one of DeFi’s oldest lending and borrowing protocols, letting users earn yield for depositing various cryptocurrencies. Yearn Finance is another popular DeFi protocol that aggregates various yield opportunities from around the market into a single platform. The yUSDT token is a yield-accruing token that tracks a user’s USDT stablecoin balance deposited in Yearn contracts. “It was misconfigured to use the Fulcrum’s iUSDC token instead of the Fulcrum’s iUSDT token,” noted Paradigm’s researcher, Samczsun. Fulcrum is a DeFi platform that allows users to borrow and lend ETH and other ERC-20 tokens. The damage was limited since only the older versions of Yearn were exploited, confirmed one of the project’s senior developers Storm Blessed 0x.
Full story : Older Version of DeFi Yield Aggregator Yearn Finance Exploited for $11.6M.