Yearn Finance suffers exploit, says $2.8 million stolen by attacker out of $11 million loss

DeFi platform Yearn.Finance said Thursday that one of its pools of funds had been exploited, resulting in the loss of $2.8 million.

"We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated," the project's official Twitter account said. Yearn.Finance is a so-called yield aggregator, through which users can deposit funds in pools — or vaults — which are then deployed to other DeFi protocols in an effort to generate yields for those depositors.

One of Yearn's core developers later shared details about the exploit on Twitter:

Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate. pic.twitter.com/1RWYyu0d5m

— banteg (@bantg) February 4, 2021

Stani Kulechov, the founder of DeFi platform Aave, later tweeted out the transaction at the heart of the exploit, involving numerous DeFi protocols and more than $5,000 worth of ETH-denominated gas fees.

"Complex exploit with over 160 nested transactions and 8,6 mm gas used (around 75% of the block) resulted to 2.7 mm USD loss," Kulechov wrote.

This story is developing and will be updated as more information becomes available.