A hacker took advantage of an old contract from Yearn Finance on Thursday, creating an exorbitant amount of yUSDT tokens, a U.S. dollar-pegged stablecoin, blockchain security firm PeckShield reported.
See related article: US Treasury warns DeFi is being used for illicit transfers
Fast facts
- The attacker exploited a vulnerability in the code of an outdated Yearn Finance contract, which allowed them to mint a quadrillion yUSDT stablecoins.
- The tokens were swapped for US$11.6 million in other stablecoins, including 61,000 USDP, 1.5 million TUSD, 1.79 million BUSD, 1.2 million USDT, and 2.58 million USDC and 3 million DAI.
- The suspicious address took the funds to other DeFi platforms, such as locking 1.5 million TUSD as collateral in Aave to borrow 634 Ether (US$1.26 million).
- The address has already sent at least 1,000 Ether to Tornado Cash, a mixing service sanctioned by the U.S. Treasury, PeckShiled added.
- Hackers stole at least US$3.8 billion in cryptocurrencies throughout 2022, the highest recorded total, according to blockchain forensics firm Chainalysis. DeFi platforms suffered more than 82% of the crypto losses last year.
See related article: S. Korean exchange GDAC hacked, loses around 23% of its assets