Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
On August 13, 2020, the well-known Ethereum DeFi project YAM officially issued a post on Twitter indicating that there were loopholes in the contract. The price plummeted by 99% within 24 hours, resulting in the “permanent destruction” of the governance contract, with a value of 750,000 USD Curve tokens. It is locked and cannot be used. Since the value of totalSupply was taken during rebase, the value of totalSupply calculated incorrectly will not be immediately applied to initSupply through mint, so before the next rebase, the community still has a chance to recover this error and reduce losses. But once the next rebase is executed, the entire mistake will become irreparable. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 750,000.
- chain
- ethereum
- protocol
- YAM
- bug_class
- logic
- date_occurred
- 2020-08-13
- loss_usd
- $750,000
- source_id
- sm:yam::2020-08-13