Decentralized finance (DeFi) protocols Aave and Yearn Finance are suffering from an ongoing flash loan attack at the time of writing, Pechshield noted. Tweet.
Abusers include over $3 million in DAI, $2.5 million in USD Coin (USDC), $1.7 million in BinanceUSD (BUSD), $1.19 million in Tether (USDT), and $1.5 million in True USD. The protocol has already drained over $10 million in stablecoins (TUSD), according to to look-on-chain.
At the time of writing, one of the attacker’s wallets held $5.77 million worth of assets. According to Etherscan, this includes about $2.4 million worth of Ethereum (ETH), $1.7 million worth of his BUSD, and $1.5 million worth of his Aave interest-bearing TUSD. dataAbusers are routing stolen funds to multiple wallets.
Aave is Tweet Aave V1, V2, and V3 were not affected by the attack.
According to Peckshield, the root cause of the attack on Yearn Finance was a misconfiguration of yUSDT, a liquidity token pegged to deposited USDT. This allowed the attacker to use just $10,000 worth of his USDT to create a large amount of his yUSDT. The abuser then exchanged his yUSDT token for other stablecoins, Pechshield said.
The attacks on Aave and Yearn followed last week’s SushiSwap exploit, resulting in the loss of more than $3 million in assets.
The post where Aave and Yearn Finance were exploited for over $10M in stablecoins first appeared on CryptoSlate.
