Yam Finance thwarts governance attack aimed at hijacking its treasury

Quick Take

  • The attacker introduced a governance proposal that would have transferred control of the Yam Finance reserves to the hacker’s wallet.
  • Yam Finance has a treasury worth more than $3 million.

Yam Finance, a decentralized finance (DeFi) protocol, prevented a malicious governance attack designed to cede control of its reserves to an unknown third party, the project said on Saturday.

According to a preliminary report issued by Yam DAO, the attack was launched on July 7, but detected two days later. The attacker submitted a governance proposal via internal transactions, making it difficult for community members to notice.

This malicious governance proposal included an unverified contract designed to transfer control of Yam’s reserves to a wallet address controlled by the attacker. The rogue actor was initially able to achieve a quorum for the proposal that was in danger of being passed before it was stopped by the Yam Finance team.

If the attack had succeeded, it would have been able to drain the Yam Finance treasury, which currently holds $3.1 million worth of crypto assets, according to data from DeepDAO.

Yam Finance said the attack was similar to another attempt made in December 2021.