A hacker took advantage of an old contract from Yearn Finance on Thursday, creating an exorbitant amount of yUSDT tokens, a U.S. dollar-pegged stablecoin, blockchain security firm PeckShield reported.

See related article: US Treasury warns DeFi is being used for illicit transfers

Fast facts

  • The attacker exploited a vulnerability in the code of an outdated Yearn Finance contract, which allowed them to mint a quadrillion yUSDT stablecoins. 
  • The tokens were swapped for US$11.6 million in other stablecoins, including 61,000 USDP, 1.5 million TUSD, 1.79 million BUSD, 1.2 million USDT, and 2.58 million USDC and 3 million DAI. 
  • The suspicious address took the funds to other DeFi platforms, such as locking 1.5 million TUSD as collateral in Aave to borrow 634 Ether (US$1.26 million). 
  • The address has already sent at least 1,000 Ether to Tornado Cash, a mixing service sanctioned by the U.S. Treasury, PeckShiled added
  • Hackers stole at least US$3.8 billion in cryptocurrencies throughout 2022, the highest recorded total, according to blockchain forensics firm Chainalysis. DeFi platforms suffered more than 82% of the crypto losses last year.

See related article: S. Korean exchange GDAC hacked, loses around 23% of its assets