VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
On September 14, the stablecoin protocol Yala disclosed that a recent security incident occurred when a hacker abused a temporary deployment key during the setup of an authorized cross-chain bridge. The attacker deployed an unauthorized bridge and extracted 7.64 million USDC (approximately 1,636 ETH). On October 29, the suspect involved in the case was arrested by law enforcement in Bangkok, Thailand, and most of the affected funds have been successfully recovered. Attack method (per SlowMist): Security Vulnerability. Reported loss: $ 7,640,000.
Primary source
https://blog.yala.org/yala-post-mortem-september-14/ ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Yala
- bug_class
- access-control
- date_occurred
- 2025-09-14
- loss_usd
- $7,640,000
- source_id
- sm:yala::2025-09-14
Related — same bug class· access-control
2026-05-13
28d ago
ARB
access-control
$132.7K
AUDIT-CATCHABLE
2026-05-12
28d ago
ETH
access-control
$47.5K
UNRATED
2026-05-12
29d ago
—
access-control
$455.0K
UNRATED
2026-05-11
29d ago
POLY
access-control
$101.4K
AUDIT-CATCHABLE
2026-05-10
1mo ago
ARB
access-control
$209.0K
UNRATED
2026-05-10
1mo ago
ARB
access-control
$209.0K
UNRATED