Yield Protocol Exploited: Hacker Drains $181,000 – Last Updated: April 30, 2024

Hackers Drain $181,000 from Defunct DeFi Protocol Yield Protocol

In a daring cyber attack, hackers have successfully exploited the smart contracts of the now-defunct decentralized finance (DeFi) lending protocol Yield Protocol, draining approximately $181,000 in crypto assets. Yield Protocol, which ceased operations in December 2023 due to business demand challenges and regulatory pressures, fell victim to the breach despite warnings to investors to withdraw their funds.

The unidentified hacker took advantage of weaknesses within Yield Protocol’s strategic contracts deployed on the Arbitrum blockchain. Blockchain investigation firms PeckShield and CertiK confirmed the breach, revealing that the hacker exploited a discrepancy between the pool token balance and total supply using flash-loaned assets to withdraw additional pool tokens.

Cyvers Alert provided further insights, indicating that the attacker initially acquired $181,000 in funds facilitated by @ChangeNOW_io on the Arbitrum network. Despite efforts to recover the stolen funds, Yield Protocol faced challenges in restoring functionality, including a two-week pause in operations due to a bug in its strategy contracts.

The cryptocurrency industry continues to combat security risks, with a reported $336.3 million worth of cryptocurrencies falling victim to hacks and fraudulent activities in the first quarter of 2024. While efforts to recover stolen funds have seen some success, the industry remains vulnerable to cyber attacks.

As Yield Protocol works to address security vulnerabilities and restore functionality, the incident serves as a reminder of the ongoing challenges faced by DeFi platforms in safeguarding user assets and maintaining trust in the digital asset ecosystem.