crv.mktcap.eth

Share this post
February 5, 2021: Yearn Hacked for $11MM 🕵️💰
curve.substack.com

February 5, 2021: Yearn Hacked for $11MM 🕵️💰

Keep Ahead of the Curve

crv.mktcap.eth
Feb 5, 2021
Comment
Share

Here are today’s trends to watch from Curve Market Cap:

Sad news for DeFi this morning, as an $11MM hack hit Yearn.

Twitter avatar for @iearnfinanceyearn.finance @iearnfinance
We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.

February 4th 2021

380 Retweets1,233 Likes
Twitter avatar for @StaniKulechovstani.eth 👻 v2 is live 👻 @StaniKulechov
Complex exploit with over 160 nested transactions transactions and 8,6 mm gas used (around 75% of the block) resulted to 2.7 mm USD loss 🤯
etherscan.io/tx/0x6dc268706…

yearn.finance @iearnfinance

We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.

February 4th 2021

44 Retweets193 Likes

The Yearn team was very prompt in addressing the situation within 10 minutes:

Twitter avatar for @fubuloubuI'm just a doggie boi @fubuloubu
Yearn yDAI Vault hack 21:47:39 - discovered 21:57:53 - mitigated ~ 10m14s response time

February 5th 2021

7 Retweets136 Likes
Twitter avatar for @bantgbanteg @bantg
Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate.
Image

February 4th 2021

252 Retweets699 Likes

The hacker got away with $2.8MM of this $11MM for their efforts, although Tether put a freeze on the Tether portion of the funds:

Twitter avatar for @paoloardoinoPaolo Ardoino @paoloardoino
. @Tether_to just froze 1.7M USDt stolen as part of the hack of Yearn DAI v1 vault. More info here

yearn.finance @iearnfinance

We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.

February 5th 2021

21 Retweets112 Likes

A claim has also been filed on Cover:

Twitter avatar for @chefcoverageAlan @chefcoverage
A claim has been filed for @iearnfinance on @CoverProtocol. A snapshot for $COVER tokenholders to vote on the validity of this claim will be posted soon. At the moment, there is a total of 570,000 DAI of coverage circulating.
app.coverprotocol.com/app/claims/YEA…

February 4th 2021

32 Retweets94 Likes

The remainder of the $11MM? Much of it ran through Curve as part of the hack.

Twitter avatar for @FrankResearcherIgor Igamberdiev @FrankResearcher
1/ Flash loaned 116k ETH from dYdX 2/ Flash loaned 99k ETH from Aave v2 3/ Borrow 134M USDC and 129M DAI using ETH as collateral on Compound 4/ Add 134M USDC and 36M DAI to 3crv Curve pool 5/ Withdraw 165M USDT from 3crv Curve pool 6/ Repeat five times👇

February 4th 2021

13 Retweets165 Likes
Twitter avatar for @FrankResearcherIgor Igamberdiev @FrankResearcher
- Deposit 93M DAI to yDAI vault (less w/ each time) - Add 165M USDT to 3crv pool - Withdraw 92M DAI from yDAI vault (less w/ each time) - Withdraw 165M USDT from 3crv pool 7/ In the last time withdraw 39M DAI and 134M USDC instead USDT 8/ Repay Compound debts 9/ Repay flash loans

February 4th 2021

6 Retweets122 Likes
Twitter avatar for @FrankResearcherIgor Igamberdiev @FrankResearcher
Each time the attacker had more 3crv tokens, which he was later able to swap for stablecoins. Lol, it's funny how so many flash loans have been used. This means that my new research piece about flash loans, which will be released very soon, will be relevant.

February 4th 2021

9 Retweets356 Likes
Twitter avatar for @FrankResearcherIgor Igamberdiev @FrankResearcher
I’m seeing some misunderstandings about where does the $11M figure come from so here is the breakdown: - $2.7M exploiter's profit - $3.5M Curve LP fees - $3.5M Curve stakers fees - $1.4M Aave v2 fees
Image

Igor Igamberdiev @FrankResearcher

Ok, new DeFi exploit. Victim: - @iearnfinance Attacker profit: - 513k DAI - 1.7M USDT - remaining 506k 3CRV (~$1) To obtain such a profit, the attacker executed 11 transactions. Below is a very superficial explanation of what was happening in these transactions👇

February 5th 2021

24 Retweets82 Likes

Curve was surely not behind the hack, but it ended up being the Curve community made out like bandits, with Curve stakers pocketing more than the hacker:

Twitter avatar for @JulienThevenardJulien Thevenard @JulienThevenard
In this exploit, the arber got away with $2.8M and @CurveFinance stakers received over $3M ...
Image

banteg @bantg

Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate. https://t.co/1RWYyu0d5m

February 4th 2021

45 Retweets214 Likes

Check out the wild stats on 3pool:

While there’s no way for Curve to automatically return the funds, some in the community have called for voluntary donations to those affected. If we observe any such program being implemented we’ll update here.

For more info, check our live market data at https://curvemarketcap.com/ or our subscribe to our daily newsletter at https://curve.substack.com/. Nothing in our newsletter can be construed as financial advice. The author performs development work for Curve compensated partly in $CRV, all content is otherwise independent.

CommentComment
ShareShare

Create your profile

0 subscriptions will be displayed on your profile (edit)

Skip for now

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.

TopNewCommunity

No posts

Ready for more?

© 2022 crv.mktcap.eth
Privacy ∙ Terms ∙ Collection notice
Publish on Substack Get the app
Substack is the home for great writing