Dead DeFi Protocol Yield Leaks Crypto Funds in Hacked Pool

As a researcher with extensive experience in the blockchain and cryptocurrency space, I find the recent exploit of smart contracts from Yield Protocol on Arbitrum deeply concerning. The fact that this defunct DeFi lending platform, which had already advised investors to close their positions and withdraw funds, was still vulnerable to such an attack is a stark reminder of the risks involved in this nascent industry.


Recently, hackers successfully exploited the smart contracts of the defunct decentralized finance (DeFi) lending platform Yield Protocol, resulting in the theft of approximately $181,000 worth of cryptocurrency assets.

As a crypto investor, I’ve received important information from CertiKInsight about an exploit on yield strategy contracts on the Arbitrum network. An attacker took advantage of a discrepancy between the pool token balance and total supply, using flash loans to acquire additional assets and withdrew extra pool tokens, resulting in a loss of approximately $181K. It’s crucial for us all to remain cautious and attentive in these dynamic markets.

— CertiK Alert (@CertiKAlert) April 30, 2024

Yield Protocol had shut down by December 2023 as a result of business issues and regulatory pressure, and it urged investors to liquidate their investments, retrieve their funds, and settle any outstanding loans.

Unheeded warnings from PeckShield, a blockchain investigation team, and CertiK, another security firm, didn’t deter an unidentified hacker from infiltrating Yield Protocol’s smart contracts on the Arbitrum blockchain. The breach was subsequently verified by both firms.

Hi @yield, you may want to take a look (w/ $181K)

— PeckShield Inc. (@peckshield) April 30, 2024

Through a more detailed examination, CertiK uncovered that the hacker exploited a gap between the pool token holdings and the overall supply using flash-borrowed assets. Regrettably, given that official assistance for the Yield Protocol terminated on February 2, efforts to retrieve the pilfered funds appear futile.
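The gap CertiK describes, between the pool tokens a contract holds and the supply issued against them, can be monitored as an invariant. The following is an added example, not code from Yield Protocol, CertiK or PeckShield; the snapshot fields, the 1:1 baseline rate and the 50 bps tolerance are assumptions, and the readings are constructed.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Snapshot:
    """One reading of a share-issuing contract (hypothetical field names)."""
    block: int         # block number of the reading
    pool_balance: int  # pool tokens the contract actually holds
    total_supply: int  # shares issued against those pool tokens


def audit(snapshots, baseline=Fraction(1), tolerance_bps=50):
    """Flag readings where pool tokens per share drift from `baseline`.

    Returns (block, drift_bps, excess_pool_tokens) tuples. drift_bps is None
    when no shares are outstanding but pool tokens remain in the contract.
    """
    findings = []
    for s in snapshots:
        if s.total_supply == 0:
            # Nothing issued: any remaining balance is backed by no supply.
            if s.pool_balance > 0:
                findings.append((s.block, None, s.pool_balance))
            continue
        rate = Fraction(s.pool_balance, s.total_supply)
        drift_bps = int((rate - baseline) / baseline * 10_000)
        if abs(drift_bps) > tolerance_bps:
            expected = int(baseline * s.total_supply)
            findings.append((s.block, drift_bps, s.pool_balance - expected))
    return findings


# Constructed sample readings, not on-chain data.
SAMPLE = [
    Snapshot(100, 1_000_000, 1_000_000),  # balanced
    Snapshot(101, 1_002_000, 1_000_000),  # +20 bps, inside tolerance
    Snapshot(102, 1_150_000, 1_000_000),  # +1500 bps, balance exceeds supply
    Snapshot(103, 40_000, 0),             # tokens left with no shares issued
]

if __name__ == "__main__":
    for block, drift, excess in audit(SAMPLE):
        print(f"block {block}: drift={drift} bps, unaccounted pool tokens={excess}")
```

For a protocol that has been wound down, a finding of either kind is a reason to sweep or lock the remaining balance rather than leave it redeemable.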

In March 2023, Yield Protocol and ten other decentralized finance protocols suffered financial losses as a result of a cyberattack on the non-custodial lending platform Euler Finance. Yet, by July 2023, Yield Protocol had successfully bounced back from the attack’s aftermath.

While in the process of restoring operations, Yield Protocol joined forces with Euler to retrieve the lost funds. Subsequently, they introduced 26 fresh contracts into the system and carried out approximately 300 controlled transactions to readjust the maturities of the fixed-yield tokens and restore the protocol’s normal functioning.


2024-04-30 16:04