According to Beosin EagleEye, the security risk monitoring, early warning and blocking platform under the blockchain security audit company Beosin, the Yearn project was hit by a flash loan attack on April 13. The attack resulted in losses of more than 10 million US dollars.
The Beosin security team analyzed the incident and found that the attack was caused by a contract configuration error, which led to a large additional issuance of yUSDT. The attacker called Yearn's yUSDT contract and controlled the token balance, causing the value of the pool to decrease abnormally. Because the pool value is used as a divisor in calculating the number of tokens to mint, a large amount of yUSDT was minted for the attacker at that point. The attacker then converted this yUSDT into other stablecoins and left the market. The Beosin KYT anti-money laundering analysis platform found that part of the stolen funds has so far been transferred to Tornado Cash, and the rest remains at the hacker's address.
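The following model is an added example, not Yearn's contract code or Beosin's analysis tooling. It shows why a pool value used as a divisor makes the mint amount blow up when the pool shrinks, and how a price-per-share sanity check rejects such a mint. The share formula, the `Vault` class, all sample numbers and the 5% threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

class PoolValueAnomaly(Exception):
    """Raised when pool value per share falls outside the allowed band."""

@dataclass
class Vault:
    total_supply: int          # shares outstanding (constructed sample units)
    pool: int                  # value of underlying holdings, same units as deposits
    last_price_e18: int = 0    # last accepted pool-per-share, scaled by 1e18
    max_drop_bps: int = 500    # assumed policy: reject a >5% drop between mints

    def price_e18(self) -> int:
        return self.pool * 10**18 // self.total_supply

    def mint_unchecked(self, amount: int) -> int:
        # Assumed share formula: the pool value is the divisor, as the text describes.
        shares = amount * self.total_supply // self.pool
        self.total_supply += shares
        self.pool += amount
        return shares

    def mint_guarded(self, amount: int) -> int:
        if self.pool == 0 or self.total_supply == 0:
            raise PoolValueAnomaly("empty pool or supply")
        price = self.price_e18()
        floor = self.last_price_e18 * (10_000 - self.max_drop_bps) // 10_000
        if price < floor:
            raise PoolValueAnomaly(f"price {price} below floor {floor}")
        shares = self.mint_unchecked(amount)
        self.last_price_e18 = self.price_e18()
        return shares

def demo():
    # Healthy vault: 1,000 deposited mints 1,000 shares.
    normal = Vault(total_supply=1_000_000, pool=1_000_000).mint_unchecked(1_000)
    # Same supply, but the reported pool value has collapsed to 10.
    inflated = Vault(total_supply=1_000_000, pool=10).mint_unchecked(1_000)
    # Guarded vault remembers the last good price and refuses the mint.
    guarded = Vault(total_supply=1_000_000, pool=10, last_price_e18=10**18)
    try:
        guarded.mint_guarded(1_000)
        blocked = False
    except PoolValueAnomaly:
        blocked = True
    return normal, inflated, blocked

if __name__ == "__main__":
    print(demo())
```

The same comparison of current against last accepted price per share can be run off-chain as a monitoring rule over mint events.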