In a significant security breach, hackers exploited the smart contracts of the now-defunct Yield Protocol, a decentralized finance lending platform, resulting in the theft of approximately $181,000 worth of cryptocurrency. Despite warnings from Yield Protocol for investors to withdraw their funds and settle pending loans following the platform’s closure, an unidentified hacker took advantage of vulnerabilities within the protocol’s contracts on the Arbitrum blockchain. PeckShield and CertiK, two blockchain investigation firms, disclosed and confirmed the breach, revealing that the hacker exploited a discrepancy between the pool token balance and total supply using flash-loaned assets to withdraw extra pool tokens.
The attacker initially acquired $181,000 in funds facilitated by @ChangeNOW_io on the Arbitrum network, according to further investigations by cybersecurity firm Cyvers Alert. Yield Protocol was one of the 11 DeFi protocols impacted by a previous attack on the noncustodial lending platform Euler Finance, resulting in temporary halts on mainnet borrowing. Euler Finance reported losses exceeding $195 million, while Yield Protocol’s losses from liquidity pools were under $1.5 million. Despite these challenges, Yield Protocol announced its return to full functionality, allowing users to resume borrowing and lending for upcoming series, with a process in place for users to claim replacement tokens over a week’s time.
Following Euler Finance’s recovery of most of the lost funds, Yield Protocol collaborated with Euler on the restitution process, deploying new contracts and executing permissioned calls to reset fixed-yield token maturities and restore the protocol. To compensate users for any incurred losses, Yield Protocol initiated a swapping process for liquidity provider tokens with newly minted tokens created during the restoration. However, the protocol faced a new challenge in May when a bug was discovered in its strategy contracts, prompting a two-week pause in operations for resolution. With the protocol officially terminating support in February and efforts to reclaim stolen funds appearing unlikely, the cryptocurrency industry continues to combat security risks amid ongoing hacking incidents and fraudulent activities.
The cryptocurrency industry continues to struggle with security challenges, with the erosion of legitimacy resulting from hacking incidents and fraudulent activities. In the first quarter of 2024, over $330 million worth of cryptocurrencies were lost to hacks and fraudulent activities across 46 hacking incidents and 15 cases of fraud. Only a fraction of the stolen funds were successfully recovered, amounting to approximately 22% of the total losses from seven exploits. Although there was a decrease in the number of attacks compared to the previous year, March proved to be particularly challenging, with nearly $100 million in digital assets stolen across 30 hacking incidents, resulting in $187 million in lost funds. Despite some success in returning hacked funds, the cryptocurrency industry continues to combat security risks and protect investors from further losses.
