Connect with us

Hi, what are you looking for?

Oracle of  Omaha SaysOracle of  Omaha Says

Editor's Pick

Hackers Drain Funds from Defunct DeFi Lending Protocol Yield Protocol

Hackers have successfully exploited the smart contracts of the now-defunct decentralized finance (DeFi) lending protocol Yield Protocol, draining crypto assets amounting to approximately $181,000.

Yield Protocol ceased operations in December 2023, citing challenges with diminishing business demand and mounting global regulatory pressures. 

Yield Protocol Exploited Despite Warnings, Hacker Withdraws $181,000

Hi @yield, you may want to a look (w/ $181K)

— PeckShield Inc. (@peckshield) April 30, 2024

Despite Yield Protocol’s repeated advisories for investors to close their positions, withdraw funds, and settle pending loans following its wind-down, an unidentified hacker exploited weaknesses within the protocol’s strategic contracts deployed on the Arbitrum blockchain. Blockchain investigation firm PeckShield initially disclosed the breach, which CertiK later corroborated.


We have seen an exploit on @yield strategy contracts on Arbitrum for ~$181K.

The attacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens.

Stay Vigilant!

— CertiK Alert (@CertiKAlert) April 30, 2024

According to CertiK’s investigation findings, the hacker exploited a discrepancy between the pool token balance and total supply using flash-loaned assets, allowing them to withdraw additional pool tokens.

ALERTOur system has identified a suspicious transaction linked to @yield. This suspicious address has been flagged since the malicious contract deployment.

The attacker managed to acquire $181K, initially funded by @ChangeNOW_io on #Arbitrum. The funds remain in the…

— Cyvers Alerts (@CyversAlerts) April 30, 2024

Further insights provided by the web3 cybersecurity alert firm Cyvers Alert revealed that the attacker initially obtained funds amounting to $181,000, which were facilitated by @ChangeNOW_io on the Arbitrum network. These funds remain in the attacker’s possession.

Yield Protocol was among the 11 decentralized finance protocols impacted by the attack on the noncustodial lending platform Euler Finance. Following the March 13 attack, Yield Protocol temporarily halted mainnet borrowing and reported losses from its liquidity pools of less than $1.5 million, whereas Euler Finance suffered losses exceeding $195 million.

However, on May 18, Yield Protocol announced its return to full functionality. Users were informed they could resume borrowing and lending for the June and September series. Additionally, the protocol outlined a timeline, estimating that users would take approximately a week to claim replacement tokens.

Yield Protocol Recovers from Hack, Faces New Challenges; Cryptocurrency Industry Continues to Combat Security Risks

Following Euler’s recovery of most of the lost funds from the hackers in April, Yield Protocol collaborated with Euler on the restitution process. This involved deploying 26 new contracts and executing approximately 300 permissioned calls to reset the fixed-yield token maturities and restore the protocol to its previous state.

To ensure that users are fully compensated for any losses incurred, Yield Protocol initiated a process whereby liquidity provider tokens are swapped for newly minted tokens created during restoration. In a blog post, Yield Protocol expressed gratitude that the hack did not result in losses for the community. Still, it acknowledged the arduous journey to restoring the protocol to full functionality.

However, amid these efforts, Yield Protocol faced another challenge in May when a bug was discovered in its strategy contracts. This necessitated a two-week pause in the protocol’s operations while the issue was addressed and resolved.

However, the Yield Protocol officially terminated its support on February 2, and while the protocol had experienced periods of resurgence in the past, efforts to reclaim the stolen funds appear improbable.

The cryptocurrency industry continues to grapple with security challenges, with the erosion of legitimacy stemming from ongoing hacking incidents and fraudulent activities. In the first quarter of 2024, approximately $336.3 million worth of cryptocurrencies fell victim to hacks and rug pulls across 46 hacking incidents and 15 cases of fraudulent activities, as reported by blockchain security firm Immunefi.

Despite efforts to mitigate losses, only $73.9 million (22%) of the stolen funds from seven exploits in Q1 were successfully recovered. However, there was a slight improvement in the number of attacks, with a decrease of 17.6% compared to Q1 2023, totaling 61 incidents in 2024.

March was particularly challenging, with nearly $100 million in digital assets stolen, according to blockchain security firm PeckShield. Over 30 hacking incidents occurred during this period, resulting in $187 million in lost funds. However, there was a silver lining, with 52.8% of the hacked funds being successfully returned.

The post Hackers Drain Funds from Defunct DeFi Lending Protocol Yield Protocol appeared first on Cryptonews.

Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.

    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Latest News

    A former Republican legislative candidate who traveled to Washington for former President Donald Trump’s ‘Stop the Steal’ rally was arrested Friday and charged with...


    Even as U.S. inflation broadly cools, frozen vegetable prices are hot. The average shelf price for frozen veggies rose by 18% in the past year...

    Latest News

    Abbe Lowell, Hunter Biden’s attorney, filed an ethics complaint Friday against Georgia Rep. Marjorie Taylor Green after she displayed censured nude photos of the president’s...

    Latest News

    President Biden has overruled the Pentagon and chosen Adm. Lisa Franchetti to lead the Navy, making her the first woman, if she’s confirmed, to...

    Disclaimer:, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2024