Hacker mints 1 quadrillion yUSDT after exploiting old Yearn.finance contract

Blockchain security firm PeckShield recently detected a hack that allowed the attacker to mint over 1 quadrillion Yearn Tether (yUSDT) from $10,000 in the latest decentralized finance (DeFi) exploit. 

After initial checks, lending platform Yearn.finance made a statement, saying the issue was limited to iearn, an outdated contract before vaults v1 and v2. The DeFi protocol stated that the current Yearn.finance contracts and protocols are not affected by the exploit.

We’re looking into an issue with iearn, an outdated contract from before Vaults v1 and v2.

This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols.

iearn is an immutable contract predating YFI, it was deprecated in 2020.

Vaults v1, with…

— yearn (@iearnfinance) April 13, 2023

Meanwhile, Aave also said they are aware of the transaction. The liquidity protocol recently confirmed that the hack did not impact Aave v1, v2 or v3. 

While hacks still plague the DeFi space in 2023, the amount of money lost to hacks has been lower compared with previous years. According to a quarterly report by blockchain security firm CertiK, more than $320 million were lost to hacks in the first quarter of 2023. The losses were much lower compared with 2022’s first quarter, where $1.3 billion was lost, and the fourth quarter when $950 million was lost to hacks.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime