Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
A bug in a token issued by decentralized finance (DeFi) protocol Yearn Finance was impacted in an exploit this morning, security firm PeckShield tweeted, leading to millions of dollars in losses. Losses could total over $11 million and occurred on Aave version 1, the data suggested. These were spread over U.S. dollar-pegged stablecoins dai (DAI), tether (USDT), USD coin (USDC), Binance USD (BUSD) and tru USD (TUSD). Reported loss: $11,000,000.
- chain
- —
- protocol
- Yearn
- bug_class
- unknown
- date_occurred
- 2023-04-13
- loss_usd
- $11,000,000
- source_id
- cs:yearn::2023-04-13