The hacker has already transferred 1,000 Ether ($2 million) to the crypto mixer Tornado Cash.
Blockchain security firm PeckShield recently detected a hack that allowed the attacker to mint over 1 quadrillion Yearn Tether (yUSDT) from $10,000 in the latest decentralized finance (DeFi) exploit.
According to the security firm, the hacker then swapped the yUSDT to other stablecoins, allowing them to take hold of $11.6 million worth of stablecoins. This includes 61,000 Pax Dollar (USDP), 1.5 million TrueUSD (TUSD), 1.79 million Binance USD, 1.2 million Tether, 2.58 million USD Coin and 3 million Dai.
PeckShield said that the hacker has already managed to transfer 1,000 Ether, currently worth almost $2 million, to the sanctioned cryptocurrency mixer Tornado Cash. The blockchain security company also flagged the DeFi protocols Aave and Yearn.finance to inform them of what was transpiring.
After initial checks, lending platform Yearn.finance made a statement, saying the issue was limited to iearn, an outdated contract before vaults v1 and v2. The DeFi protocol stated that the current Yearn.finance contracts and protocols are not affected by the exploit.
We’re looking into an issue with iearn, an outdated contract from before Vaults v1 and v2.
This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols.
iearn is an immutable contract predating YFI, it was deprecated in 2020.
Vaults v1, with…— yearn (@iearnfinance) April 13, 2023
Meanwhile, Aave also said they are aware of the transaction. The liquidity protocol recently confirmed that the hack did not impact Aave v1, v2 or v3.
While hacks still plague the DeFi space in 2023, the amount of money lost to hacks has been lower compared with previous years. According to a quarterly report by blockchain security firm CertiK, more than $320 million were lost to hacks in the first quarter of 2023. The losses were much lower compared with 2022’s first quarter, where $1.3 billion was lost, and the fourth quarter when $950 million was lost to hacks.