Hacker Exploits Bitcoin-based Yala Protocol’s Yu Token on Polygon

In a sophisticated crypto exploit, the Bitcoin-backed DeFi protocol Yala has taken a hit of over $7.7 million as a hacker illicitly minted its YU token on Polygon and swap it to USDC, draining liquidity from the market.

As noted by Lookonchain, an on-chain security firm, the hacker minted 120 million YU tokens, a USD-pegged stablecoin backed by Bitcoin reserve, while exploiting the protocol’s smart contract on Polygon blockchain. They later swapped 7.7 million YU tokens with USDC on Ethereum (ETH) and Solana (SOL).

A hacker minted 120M $YU on Polygon and then sold 7.71M $YU for 7.7M $USDC on Ethereum and Solana via cross-chain.

The hacker still holds 22.29M $YU on Solana and Ethereum, with another 90M $YU still on Polygon that has not been bridged.

The hacker has now exchanged 7.7M $USDC… pic.twitter.com/508QU96DpF
— Lookonchain (@lookonchain) September 14, 2025

Confirming the breach, Yala protocol shared multiple posts on its official X handle and informed users about the incident. It also suspended Convert and Bridge functionalities for safety measures.

As part of ongoing security enhancement and system upgrades, the Convert and Bridge functions will be temporarily unavailable to ensure full stability while improvements are applied.

All other protocol functions remain unaffected, and user assets remain safe. We'll share more…
— Yala (@yalaorg) September 14, 2025

“As part of ongoing security enhancement and system upgrades, the Convert and Bridge functions will be temporarily unavailable to ensure full stability while improvements are applied,” the Yala team said. “All other protocol functions remain unaffected, and user assets remain safe.”

The hacker exchanged all of their USDC into ETH and sent it across multiple wallets on Ethereum. They still hold over 90 million YU tokens on Polygon as well as over 22 million on Ethereum and Solana.

YU stablecoin loses its USD Peg

Following the exploit, YU stablecoin lost its peg to USD, shrinking as low as $0.2 on Sunday. At the time of writing, YU was trading near $0.86, while having a market cap of over $130 million, as per CoinMarketCap data.

The team is currently attempting to re-peg the stablecoin and planning to compensate funds to affected liquidity pools while preparing for a full transparency report. “We have identified the stolen assets on-chain and are actively working with law enforcement to pursue recovery,” Yala team said in a recent X post.

The de-pegging of YU stablecoin has also harked back to the infamous Terra collapse, which wiped out millions from crypto markets overnight. Terra’s algorithmic stablecoin UST also had a similar architecture to YU, backed by the native LUNA coin.

Also Read: Stablecoin Market Hits $300B, But Discrepancies Expose Data Gaps

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!