Hackers recently exploited the smart contracts of the decentralized finance lending protocol Yield Protocol, resulting in the draining of approximately $181,000 in crypto assets. The protocol had ceased operations in December 2023 due to diminishing business demand and global regulatory pressures. Despite repeated warnings for investors to withdraw their funds following the wind-down, a hacker identified weaknesses in the protocol’s strategic contracts deployed on the Arbitrum blockchain. PeckShield and CertiK were among the blockchain investigation firms that initially disclosed and corroborated the breach.
CertiK’s investigation revealed that the hacker exploited a discrepancy between the pool token balance and total supply using flash-loaned assets, enabling them to withdraw extra pool tokens. Cyvers Alert provided further insights that the attacker initially acquired $181,000 in funds, with the help of @ChangeNOW_io on the Arbitrum network. This incident was part of a larger attack on the noncustodial lending platform Euler Finance, impacting multiple DeFi protocols. Yield Protocol faced losses from liquidity pools but was able to resume operations by May 18, allowing users to borrow and lend for specific series.
Following Euler Finance’s recovery of most funds from hackers in April, Yield Protocol collaborated on the restitution process, deploying new contracts and executing permissioned calls to reset fixed-yield token maturities. To compensate users for losses, a swap of liquidity provider tokens for newly minted tokens was initiated. Despite facing challenges such as a bug in strategy contracts, the protocol gradually restored functionality and aimed to safeguard the community from further losses. However, efforts to reclaim stolen funds seem unlikely as the protocol officially terminated support in February 2024.
The cryptocurrency industry continues to grapple with security challenges, with hacking incidents and fraudulent activities eroding legitimacy. In the first quarter of 2024, approximately $336.3 million worth of cryptocurrencies fell victim to hacks and rug pulls across various incidents. Only 22% of stolen funds from exploits were successfully recovered, indicating the difficulty in mitigating losses. Despite a slight decrease in the number of attacks compared to the previous year, the industry faced significant challenges in the first quarter of 2024, with March being particularly challenging.
Blockchain security firms reported over 30 hacking incidents resulting in $187 million in lost funds during March alone. However, there was some success in returning 52.8% of the hacked funds. The industry continues to combat security risks and implement measures to protect users and investors from potential breaches. The prevalence of hacking incidents underscores the importance of ongoing vigilance, audits, and security protocols within the cryptocurrency ecosystem to safeguard against malicious actors and ensure the integrity of DeFi platforms for all stakeholders.
