Hackers have managed to exploit the smart contracts of the defunct decentralized finance (DeFi) lending protocol, Yield Protocol, and have drained approximately $181,000 in crypto assets. Yield Protocol shut down its operations in December 2023 due to decreasing business demand and increasing regulatory pressures.
Despite multiple warnings from Yield Protocol for investors to withdraw their funds and settle pending loans, an unidentified hacker took advantage of vulnerabilities in the protocol’s strategic contracts on the Arbitrum blockchain. The breach was initially discovered by blockchain investigation firm PeckShield and later confirmed by CertiK.
According to CertiK’s investigation, the hacker exploited a discrepancy between the pool token balance and total supply by using flash-loaned assets, which allowed them to withdraw additional pool tokens. Cyvers Alert, a web3 cybersecurity alert firm, revealed that the attacker obtained $181,000 in funds, facilitated by @ChangeNOW_io on the Arbitrum network. These funds are still in the possession of the hacker.
Yield Protocol was one of the 11 DeFi protocols affected by the attack on the noncustodial lending platform Euler Finance. After the attack on March 13, Yield Protocol temporarily halted mainnet borrowing and reported losses of less than $1.5 million from its liquidity pools, while Euler Finance suffered losses exceeding $195 million.
However, on May 18, Yield Protocol announced its return to full functionality, allowing users to resume borrowing and lending for the June and September series. The protocol also outlined a timeline for users to claim replacement tokens, estimating that it would take approximately a week.
To compensate users for any losses incurred, Yield Protocol initiated a process where liquidity provider tokens are swapped for newly minted tokens created during the restoration. The protocol expressed gratitude that the hack did not result in losses for the community but acknowledged the challenges faced in restoring full functionality.
Despite these efforts, Yield Protocol faced another challenge in May when a bug was discovered in its strategy contracts. This led to a two-week pause in the protocol’s operations while the issue was addressed and resolved.
Yield Protocol officially terminated its support on February 2, and the chances of reclaiming the stolen funds seem unlikely. The cryptocurrency industry continues to struggle with security challenges, as hacking incidents and fraudulent activities erode its legitimacy. In the first quarter of 2024, there were 46 hacking incidents and 15 cases of fraudulent activities, resulting in approximately $336.3 million worth of cryptocurrencies being stolen. Only $73.9 million (22%) of the stolen funds were successfully recovered.
However, there has been a slight improvement in the number of attacks compared to the first quarter of 2023, with a decrease of 17.6%. March was a particularly challenging month, with nearly $100 million in digital assets stolen across over 30 hacking incidents. However, there was some positive news, as 52.8% of the hacked funds were successfully returned.
Follow Us on Google News