Yearn Finance and Aave, two popular decentralized finance (DeFi) protocols, have suffered a flash loan attack that resulted in the loss of millions of dollars worth of stablecoins.
The on-chain analyst Lookonchain reported on Twitter that the exploiter has made away with over $10 million in stablecoins, including DAI, USDC, BUSD, TUSD, and USDT. The attacker carried out the exploit in real-time, leaving many users vulnerable.
An exploiter attacked @iearnfinance and @AaveAave.
The exploiter got over $10M in stablecoins.
Including:
– 3,032,142 $DAI
– 2,579,483 $USDC
– 1,785,091 $BUSD
– 1,512,528 $TUSD
– 1,193,756 $USDThttps://t.co/nT0PhL1cDC pic.twitter.com/ukOQagk1n5— Lookonchain (@lookonchain) April 13, 2023
Following the attack, users were advised to withdraw their assets from the platforms immediately. Lookonchain also shared the exploiter’s address, which contained the stolen assets.
In a separate Twitter thread, knowledge graph protocol 0xScope highlighted that while Yearn Finance was being exploited, its YFI token was ranked as the most deposited altcoin in the last 24 hours.
However, the coincidence was that the token dropped 5% in the past hour, said 0xScope. It was also revealed that 360 YFI, worth $3.3 million, had been deposited to a centralized exchange in 67 transactions, all before the exploit.
This attack came at a time when flash loans were on the rise, and bad actors were taking advantage of them in increasing numbers of exploits. In the first quarter of 2023, a total of $200 million was lost through this style of exploit, according to data from Chainalysis. Flash loans are different from other kinds of loans in that they do not require a lengthy approval process, making them quick and easy to execute.
