A recent security breach in the decentralized finance (DeFi) space resulted in the minting of over 1 quadrillion Yearn Tether (yUSDT), valued at $11.6 million in stablecoins. PeckShield, a blockchain security firm, detected the hack and reported that the attacker managed to mint yUSDT using a deprecated contract from Yearn Finance. The hacker then exchanged the yUSDT for other stablecoins and transferred 1,000 Ether, equivalent to almost $2 million, to a cryptocurrency mixer called Tornado Cash.

PeckShield illustrates the flow of funds from the attack. Source: PeckShield

Yearn Finance, the lending platform affected by the attack, confirmed that the issue was limited to an outdated contract, iearn, and that its current contracts and protocols were not affected by the exploit. Similarly, Aave, another DeFi protocol, confirmed that its Aave V1, V2, and V3 were not impacted by the hack.

Although DeFi hacks continue to occur, the amount of money lost to such attacks has decreased in recent years. In the first quarter of 2023, blockchain security firm CertiK reported that losses due to hacks amounted to more than $320 million, significantly lower than the $1.3 billion and $950 million lost in the first and fourth quarters of 2022, respectively.