Dead protocol leaks crypto funds from hacked pool
Hackers managed to drain funds by exploiting smart contracts of defunct decentralized finance (DeFi) lending protocol Yield Protocol.
Yield Protocol shut down in December 2023, citing an inability to keep up with the lack of business demand and global regulatory pressures. Following the wind-down, Yield Protocol advised investors numerous times to close their positions, withdraw funds and pay off pending loans.
Despite the warnings, an unknown hacker stole approximately $181,000 worth of crypto assets from Yield’s strategic contracts present on the Arbitrum blockchain. The hack was first announced by blockchain investigation firm PeckShield and later confirmed by CertiK.
Based on a follow-up investigation, CertiK’s found:
“The attacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens.”
Official support for the Yield Protocol ended on Feb. 2, and despite a history of resurgence, an attempt to recover the hacked funds seems unlikely.
In March 2023, Yield Protocol, along with 10 other decentralized finance protocols, suffered losses after the attack on the noncustodial lending protocol Euler Finance. By July 2023, Yield Protocol had fully recovered from the Euler flash loan attack.
At the time, Yield Protocol worked with Euler on the return of the funds by deploying 26 new contracts and executing about 300 permissioned calls to reset the fixed-yield token maturities and restore the protocol.
Related: Lazarus Group laundered over $200M in hacked crypto since 2020
Blockchain security firm Immunefi recently reported a 23% decline in losses due to hacking and scams in the first quarter of 2024 compared to 2023.
According to the report, approximately $336.3 million was lost to hacking and fraud incidents in Q1 of 2024, down from $437.5 million in the same quarter of 2023.
The report identifies 46 hacking incidents and 15 cases of fraudulent activities. Cross-chain bridge protocol Orbit Bridge lost the most at $81.7 million.
Magazine: 68% of Runes are in the red — Are they really an upgrade for Bitcoin?
