Hacker mints 1 quadrillion yUSDT after exploiting old Yearn Finance contract

Blockchain security firm PeckShield recently detected a hack that allowed the exploiter to mint over 1 quadrillion Yearn Tether (yUSDT) from $10,000 in the latest decentralized finance (DeFi) hack. 

According to the security firm, the hacker then swapped the yUSDT to other stablecoins, allowing them to take hold of $11.6 million worth of stablecoins. This includes 61,000 Pax Dollar (USDP), 1.5 million TrueUSD (TUSD), 1.79 million Binance USD (BUSD), 1.2 million Tether (USDT), 2.58 million USD Coin (USDC) and 3 million in DAI (DAI).

PeckShield illustrates the flow of funds from the attack. Source: PeckShield

PeckShield said that the hacker has already managed to transfer 1,000 Ether (ETH), currently worth almost $2 million, to the sanctioned cryptocurrency mixer Tornado Cash. The blockchain security company also flagged the DeFi protocols Aave and Yearn Finance to inform them of what was transpiring. 

Related: Sentiment recovers $870K after negotiations with hacker

After initial checks, lending platform Yearn Finance made a statement that the issue was limited to iearn, which was an outdated contract before Vaults V1 and V2. The DeFi protocol said that the current Yearn Finance contracts and protocols are not affected by the exploit.

Meanwhile, Aave also said that they are aware of the transaction as well. The liquidity protocol recently confirmed that the hack did not have an impact on its Aave V1, V2 or V3. 

While hacks still plague the DeFi space in 2023, the amount of money lost to hacks has been lower compared to the previous years. According to the quarterly report of blockchain security firm CertiK, more than $320 million were lost to hacks in the first quarter of 2023. The losses were a lot lower compared to 2022’s first quarter where $1.3 billion were lost and the fourth quarter when $950 million were lost to hacks.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime