Hackers recently exploited smart contracts from the defunct decentralized finance (DeFi) lending platform Yield Protocol, managing to siphon off around $181,000 worth of cryptocurrency assets.
Although Yield Protocol had closed down in December 2023 due to business demand challenges and regulatory pressures, it repeatedly advised investors to close their positions, withdraw funds, and settle pending loans.
Despite these warnings, an unknown hacker successfully targeted Yield Protocol’s smart contracts on the Arbitrum blockchain. The hack was initially reported by PeckShield, a blockchain investigation firm, and later confirmed by CertiK.
After further investigation, CertiK discovered that the attacker took advantage of a difference between the pool token balance and total supply using flash-loaned assets, allowing them to withdraw extra pool tokens. Unfortunately, since official support for the Yield Protocol ended on February 2, attempts to recover the stolen funds seem unlikely.
In March 2023, Yield Protocol, along with 10 other decentralized finance protocols, faced losses due to an attack on the noncustodial lending platform Euler Finance. However, by July 2023, Yield Protocol had fully recovered from the attack.
During the recovery, Yield Protocol collaborated with Euler to return the funds. They deployed 26 new contracts and executed about 300 permissioned calls to reset the fixed-yield token maturities and restore the protocol’s functionality.
Also Read: Aligned Layer Secures $20 Million In Funding Led by Hack VC