DeFi platform Yearn Finance has suffers a flash loan attack, with millions of funds withdrawn by the hacker. The exploit is concentrated on Aave V1 liquid protocol, blockchain security firm PeckShield reported on Thursday. Yearn security team is aware of the issue and working on a fix.

PeckShield in a subsequent tweet revealed that the root cause is likely due to the misconfigured yUSDT, which is exploited to mint huge yUSDT (approx. 1,252,660,242,212,927.5) from just $10K USDT. The huge yUSDT is then cashed out by swapping to other stablecoins. However, it needs to be confirmed if Aave has any role in the hack.

Flow of Stolen Funds
The Flow of Stolen Funds. Source: PeckShield

Also Read: Ethereum (ETH) Withdrawn After Shanghai (Shapella) Upgrade: Details

Beosin Alert noted that the total loss in the Yearn Finance hack is nearly $11,539,783. The blockchain security platform also reported the wallets having the most stolen funds from Yearn Finance. It also confirmed withdrawals of 996k USDC, 570k DAI, and 241k USDT from Aave Lending Pool Core V1.

Hackers grabbed nearly $11.6 million worth of stablecoins, including 61K USDP, 1.5 million TUSD, 1.8 million BUSD, 1.2 million USDT, 2.58 million USDC, and 3 million DAI. The hackers transferred 1.5 million TUSD to AAVE, and borrowed 634 ETH from AAVE. They then swapped some stablecoins for 600 ETH, with 1,000 ETH already transferred into Tornado Cash.

Aave Not Impacted By Yearn Finance Hack

Crypto researcher Samczsun claimed that Yearn Finance’s version of USDT, called yUSDT, has been broken since it was deployed around three years ago. He said it was “misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.”

Aave team confirmed that the Aave V1 protocol was used but is not impacted by the hack. Aave CEO Stani Kulechov took to Twitter to confirm this.

The post Just-In: Yearn Finance Suffers Flash Loan Exploit, Is Aave Also Impacted? appeared first on CoinGape.