Hacker Took The Money From The Defunct Yield Protocol
Based on a follow-up investigation, CertiK's found: "The attacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens."
Hackers managed to drain funds by exploiting smart contracts of the defunct decentralized finance (DeFi) lending protocol Yield Protocol.
Yield Protocol shut down in December 2023, citing an inability to keep up with the lack of business demand and global regulatory pressures. Following the wind-down, Yield Protocol advised investors numerous times to close their positions, withdraw funds and pay off pending loans.
Despite the warnings, an unknown hacker stole approximately $181,000 worth of crypto assets from Yield's strategic contracts present on the Arbitrum blockchain. The hack was first announced by blockchain investigation firm PeckShield and later confirmed by CertiK.
Based on a follow-up investigation, CertiK's found: "The attacker exploited a discrepancy between the pool token balance and total supply with flash-loaned assets and then withdrew extra pool tokens."
Official support for the Yield Protocol ended on February 2, and despite a history of resurgence, an attempt to recover the hacked funds seems unlikely.
In March 2023, Yield Protocol, along with 10 other decentralized finance protocols, suffered losses after the attack on the noncustodial lending protocol Euler Finance. By July 2023, Yield Protocol had fully recovered from the Euler flash loan attack.
At the time, Yield Protocol worked with Euler on the return of the funds by deploying 26 new contracts and executing about 300 permissioned calls to reset the fixed-yield token maturities and restore the protocol.
