Yearn Finance stated that its yDAI vault was exploited for the loss of $11 million. They added that the vault is no longer vulnerable.

DeFi Hacker Makes Off With $2.7 Million

Though the attacker robbed Yearn of $11 million, exorbitant fees cost them millions to execute the hack.

They reportedly only profited $2.7 million, while liquidity pool fees and staker fees during the attack both came to $3.5 million each. Aave v2 fees amounted to $1.4 million.

The hacker took out a series of flash loans from dYdX and Aave, then used the funds as collateral for another loan on Compound. In doing this, the attacker essentially gamed the exchange rates on Yearn to accumulate CRV tokens to sell for stablecoins.

Yearn Finance stated that the community can expect a full report providing more details on the exploit.

We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.

— yearn.finance (@iearnfinance) February 4, 2021

YFI governance token fell from $34,700 to $30,500 before recovering slightly above $31,800.

Another DeFi Hack Shakes Confidence

The DeFi community has seen many hacks and exploits over the last few years, with approximately 100 million dollars lost to bad actors last year. DeFi hacks in 2020 accounted for 20% of all crypto crime.

There were over 19 major DeFi hacks last year, with $25 million lost to a drained dForce smart contract in April and $25 million lost in a flash loan exploit on the Harvest Finance platform in October.

Many of these attacks leveraged flash loans, giving the tool a rather notorious reputation.

The ease of access to flash loans for fast liquidity is a double-edged sword, granting people more financial freedom but also more liquidity to carry out major exploits like the latest yDAI vault hack.

Disclosure: The author held Bitcoin at the time of writing. Andre Cronje is an equity-holder of Crypto Briefing.