Blockchain Security Firm PeckShield: DeFi Protocol Yearn Finance Suffers $11 Million Exploit – Here's What Happened

cryptonews.com:

Decentralized finance (DeFi) protocol Yearn Finance has fallen victim to an attack which occurred on Aave version 1, leading to the theft of about $11 million worth of Dai (DAI), Tether (USDT), USD Coin (USDC), Binance USD (BUSD) and Tru USD (TUSD) tokens, according to an investigation carried out by blockchain security firm PeckShield.

In the meantime, Yearn Finance’s team has reacted to the latest development with a statement to calm down its users.

“We're looking into an issue with iearn, an outdated contract from before Vaults v1 and v2. This problem seems exclusive to iearn and does not impact current Yearn contracts or protocols,” the protocol tweeted. 

“iearn is an immutable contract predating YFI, it was deprecated in 2020. Vaults v1, with upgradeable strategies, was also deprecated in 2021. There's no indication it's affected. The current version, Yearn v2 Vaults (written in Vyper), remains unaffected as well,” Yearn Finance said.

The protocol added its team is currently further investigating the issue.

The latest exploit comes roughly two months after Yearn Finance joined forces with a number of leading DeFi protocols to champion decentralization, launching a Twitter campaign together with more than 30 projects. In addition to Yearn Finance, the campaign’s participants included Element, CoW Swap, Balancer, Aura Finance, Euler, Gearbox, Dopex, Pods, Opyn, SushiSwap, DegenScore, MakerDAO, Stake DAO, Zerion, Ajna, Aave, Oasis.app, and Pods Finance.

“There is something special happening in decentralized finance. This campaign celebrates what makes DeFi different from the systems it seeks to replace – executed in a way that could only work in this space. We hope it will serve as yet another reminder that, in the wake of