Decentralized finance (DeFi) protocols Aave and Yearn Finance reportedly became victims of an exploit, with the attacker draining over $10M in stablecoins.
Onchain analytics platform LookOnChain reported the exploiter took away 3,032,142 DAI, 2,579,483 USDC, 1,785,091 BUSD, 1,512,528 TUSD, and 1,193,756 USDT.
Peckshield reported that the root cause of the exploit is not related to Aave but it happened due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (1,252,660,242,212,927.5) from a small $10K USDT.
“The huge yUSDT is then cashed out by swapping to other stablecoins,” Peckshield revealed.
Aave acknowledged the exploit noting it did not have an impact on Aave V2 and Aave V3. The DeFi platform stated the team is now confirming whether there is any impact on Aave V1, the oldest version of the protocol which has been frozen.
Aave integrations lead Marc Zeller later tweeted that Aave V1 has been frozen since Dec 2022. “The current size of V1 is $18M, and the current size of the Aave safety module is $382.50M,” Zeller added.
Yearn Finance contributor @storming0x claims that Yearn v2 vaults seem not to be impacted by the exploit. Both Aave and Yearn Finance are currently monitoring the situation.
The year 2023 has already seen so many exploits already, with major DeFi platforms becoming the major victims. Just a few days back, SushiSwap suffered a $3.3 Million exploit caused by an approval-related bug in its RouterProcessor2 contract.