Two of Ethereum’s most popular decentralized finance protocols, Aave and Yearn Finance, have been affected by the exploit, according to reports earlier this morning from blockchain security firm PeckShield. The company tweeted to Aave asking it to verify the hash of a particular transaction.
Hello @tweet @tweetYou may want to take a look: https://t.co/61wSYHqwvs
– PeckShield Inc. (pecksshield) April 13, 2023
According to PeckShield, DeFi aggregator Yearn Finance is suspected of being attacked by a flash loan. The exploit is focused on Aave V1, and damage could exceed $11 million.
Top Ethereum DeFi Protocols With Weak Security?
According to LookOnChain, the attacker received a mix of stablecoins from Yearn Finance and Aave. Based on current knowledge, the attacker took $3,032,142, $2,579,483, $1,785,091, $1,512,528 and $1,193,756 . Aave responded to PeckShield in a tweet:
We are aware of this transaction, and it had no effect on Aave V2 and Aave V3. We are now confirming whether there is any impact on Aave V1, which is the oldest version of the protocol that has been frozen. We are monitoring the situation closely to ensure there are no further concerns.
Mark Zeller, Head of Aave Integration, to explain In a series of tweets, Aave V1 has been frozen since December 2022. This means that no user can deposit funds or increase the credit amount, “which makes the problem unlikely but not impossible.”
We are aware of the situation and research is ongoing. More information when we have more clarity,” wrote Zeller, who added that V1 for exit has been discussed with a quick vote taking place in a few hours for management to decide whether to opt out.
Thus, according to Zeller, users can “anyway” pay and/or withdraw their funds from V1 via the traditional app. The current size of V1 is $18 million, and the current size of Aave Security Module is $382.50 million.
In response to a question from a Twitter user, Zeller also confirmed that there is currently no known effect on Aave V2 and V3. Zeller wrote, “To our current knowledge, zero.”
Pseudonymous cryptographer Samczsun of Paradigm Claims The version of USDT developed by Yearn Finance, called yUSDT, has been cracked since its launch about three years ago. He said it was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.”
At press time, ETH price has settled at $1,920, maintaining its bullish trend despite fears of a dump due to yesterday’s Shanghai hard fork.
Featured image by sebastiaan Stam/Unsplash, chart from TradingView.com