VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The YieldCore-3rd-deal vault under Trading Protocol was exploited. The attacker took advantage of a missing caller authorization check in the contract, bypassing the permission mechanism and draining all funds from the vault in one go. The vault was permissionlessly listed (not a core part of the protocol itself). The entire vault was emptied. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 398,000.
Primary source
https://x.com/DefimonAlerts/status/2049365873069097237 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- YieldCore
- bug_class
- logic
- date_occurred
- 2026-04-28
- loss_usd
- $398,000
- source_id
- sm:yieldcore::2026-04-28
Related — same bug class· logic