Beosin: The Yearn attack was caused by a contract error that led to a large issuance of yusdt, and the stolen funds have been transferred to Tornado Cash

2023-04-13 16:21:02

Collection

ChainCatcher news, according to monitoring by Beosin EagleEye, a blockchain security auditing company under Beosin, on April 13, 2023, the Yearn project was attacked by a hacker through a flash loan attack, resulting in losses exceeding $10 million.

The Beosin security team analyzed that this attack was caused by a contract configuration error, leading to a large issuance of yusdt. The attacker called the Yearn yusdt contract and controlled the token balance within it, causing the pool value to decrease abnormally. The pool is used as a divisor in the calculation of the minting amount, which allowed the attacker to mint a large amount of yusdt. The attacker then exchanged these yusdt for other stablecoins and exited. The Beosin KYT anti-money laundering analysis platform found that part of the stolen funds has been transferred to Tornado Cash, while the rest is still stored in the hacker's address.
Attack transactions:
0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d
0x8db0ef33024c47200d47d8e97b0fcfc4b51de1820dfb4e911f0e3fb0a4053138
0xee6ac7e16ec8cb0a70e6bae058597b11ec2c764601b4cb024dec28d766fe88b2
Attacker addresses:
0x8102ae88c617deb2a5471cac90418da4ccd0579e
0x16Af29b7eFbf019ef30aae9023A5140c012374A5
0x6f4A6262d06272c8B2E00Ce75e76d84b9D6F6aB8

Related tags

Yearn Tornado cash yusdt

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.