DeFi yield farming project Yearn Finance has been hit by an exploit that has affected a DAI lending pool, according to its Twitter account.
The tweet, posted at around 5 PM Eastern US time, states: “We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.”
Yearn developer banteg, one of the administrators of the DeFi project’s website, followed with a few more details: “Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate.”
Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate. pic.twitter.com/1RWYyu0d5m
— banteg (@bantg) February 4, 2021
The suspected exploit involved 160 “nested transactions,” pointed out Aave founder and CEO Stani Kulechov.
The trading price for the YFI governance token fell sharply on the news, plummeting from $34,700 to $30,500 in minutes (though it’s since rebounded slightly).
Yearn aggregates DeFi lending protocols such as Aave and Compound to make sure users get the best return on their loan.
Update: An earlier version of this story claimed that $14 million was taken from yearn.finance. The actual number was closer to $11 million.