Cybercriminals Withdraw Assets from Inactive DeFi Lending Platform Yield Protocol
Hackers have exploited the smart contracts of the now-inoperative decentralized finance (DeFi) lending platform Yield Protocol, siphoning off crypto assets totaling around $181,000.
Yield Protocol halted its operations in December 2023, citing difficulties due to declining business demand and increasing global regulatory pressures.
Yield Protocol Breached Despite Alerts, Hacker Withdraws $181,000
Hi @yield, you may want to take a look (w/ $181K) pic.twitter.com/wbzVgrvyyy
— PeckShield Inc. (@peckshield) April 30, 2024
Despite Yield Protocol’s ongoing warnings for investors to close their positions, withdraw their funds, and settle outstanding loans after its shutdown, an unidentified hacker exploited vulnerabilities in the protocol’s strategy contracts deployed on the Arbitrum blockchain. The breach was initially reported by blockchain investigation firm PeckShield, with subsequent confirmation from CertiK.
#CertiKInsight
We have observed an exploit on @yield strategy contracts on Arbitrum for ~$181K.
The attacker took advantage of a discrepancy between the pool token balance and total supply using flash-loaned assets, allowing them to withdraw additional pool tokens.
Stay Vigilant! pic.twitter.com/9cLDWt0e3f
— CertiK Alert (@CertiKAlert) April 30, 2024
As per CertiK’s investigative findings, the hacker exploited a mismatch between the pool token balance and total supply by utilizing flash-loaned assets, which enabled them to withdraw extra pool tokens.
ALERT: Our system has identified a suspicious transaction linked to @yield. This suspicious address has been flagged since the malicious contract deployment.
The attacker managed to acquire $181K, initially funded by @ChangeNOW_io on #Arbitrum. The funds remain in the… pic.twitter.com/sgYiRCAKJh
— Cyvers Alerts (@CyversAlerts) April 30, 2024
Additional insights from the web3 cybersecurity alert firm Cyvers Alerts indicated that the attacker acquired funds totaling $181,000 and had initially been funded through @ChangeNOW_io on the Arbitrum network. These funds are still under the control of the attacker.
Yield Protocol was one of the 11 decentralized finance protocols affected by the attack on the noncustodial lending platform Euler Finance. Following the attack on March 13, Yield Protocol temporarily suspended mainnet borrowing and reported liquidity pool losses of less than $1.5 million, while Euler Finance experienced losses exceeding $195 million.
Nevertheless, on May 18, Yield Protocol announced its return to full operational capacity. Users were notified that they could resume borrowing and lending for the June and September series. Furthermore, the protocol provided a timeline, estimating that users would require about a week to claim replacement tokens.
Yield Protocol Recovers from Hack, Faces New Challenges; Cryptocurrency Industry Continues to Combat Security Risks
After Euler’s recovery of most of the funds lost to hackers in April, Yield Protocol collaborated with Euler on the restitution process. This involved deploying 26 new contracts and executing around 300 permissioned calls to reset the fixed-yield token maturities and restore the protocol to its prior state.
To ensure that users are fully compensated for any losses incurred, Yield Protocol initiated a process whereby liquidity provider tokens are exchanged for newly minted tokens created during the restoration. In a blog post, Yield Protocol expressed appreciation that the hack did not lead to losses for the community. However, it acknowledged the challenging path to restoring the protocol to full functionality.
Yet, amid these efforts, Yield Protocol encountered another issue in May when a bug was identified in its strategy contracts. This required a two-week suspension of the protocol’s operations while the problem was addressed and resolved.
However, Yield Protocol officially ceased its support on February 2, and although the protocol has seen periods of revival in the past, recovery of the stolen funds seems unlikely.
The cryptocurrency sector continues to face security challenges, with the erosion of credibility resulting from ongoing hacking incidents and fraudulent activities. In the first quarter of 2024, approximately $336.3 million worth of cryptocurrencies were lost to hacks and rug pulls across 46 hacking incidents and 15 cases of fraud, as reported by blockchain security firm Immunefi.
Despite attempts to recover losses, only $73.9 million (22%) of the stolen funds from seven exploits in Q1 were successfully retrieved. However, there was a slight improvement in the number of attacks, with a 17.6% decrease compared to Q1 2023, totaling 61 incidents in 2024.
March proved particularly difficult, with nearly $100 million in digital assets stolen, according to blockchain security firm PeckShield. Over 30 hacking incidents occurred during this time, resulting in $187 million in lost funds. However, there was a positive aspect, with 52.8% of the hacked funds being successfully recovered.
The post Hackers Drain Funds from Defunct DeFi Lending Protocol Yield Protocol appeared first on Cryptonews.