Key Takeaways
- Reportedly, the attack which targeted Yield’s contracts on the Arbitrum blockchain, resulted in the theft of roughly $181,000 worth of crypto assets.
- The attacker allegedly capitalized on a discrepancy between the pool token balance and total supply to steal funds.
Defunct decentralized finance (DeFi) lending platform Yield Protocol suffered a fresh blow in April 2024 after hackers exploited a vulnerability in its smart contracts. This comes despite the platform shutting down operations in December 2023 due to a lack of demand and regulatory pressures. The attack, which targeted Yield’s contracts on the Arbitrum blockchain, resulted in the theft of roughly $181,000 worth of crypto assets.
At its peak in April 2022, the protocol known for offering fixed-rate lending and borrowing for stablecoins had over $22 million in total value locked. In December 2023, they announced their closure, urging users to withdraw funds and close positions. However, as reported by blockchain security firms PeckShield and CertiK, an attacker capitalized on a discrepancy between the pool token balance and total supply to steal funds.
“The attacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens,” CertiK revealed in a follow-up investigation.
This is however not the first time the DeFi Protocol has been subject to a exploit, In March 2023, the platform suffered collateral damage from a hack on another DeFi platform, Euler Finance. The Euler exploit caused Yield Protocol to pause borrowing and resulted in losses of under $1.5 million from their liquidity pools. Fortunately, they were able to recoup these losses entirely by July 2023 after Euler Finance recovered most of the stolen funds.
While DeFi continues to grow, it remains a prime target for hackers. With a staggering $100 billion of total value locked in Web3 protocols, deFi remain plagued with exploits, accounting for all of the major hacks identified by blockchain security firm Immunefi in Q1, compared to zero for centralized finance platforms.
Immunefi, however, reported a 23% decrease in overall hacking losses in Q1 2024 compared to 2023. In Q1 2024, an estimated $336.3 million was lost to hacking and fraud incidents in DeFi, down from $437.5 million in the same period of 2023. In March 2024 alone, eleven DeFI attackers drained over $1 million apiece with losses exceeding over $100 million
