Dead protocol leaks crypto funds from hacked pool

Hackers exploited vulnerabilities in smart contracts on the defunct DeFi lending protocol Yield Protocol, draining $181,000 in crypto assets. Despite multiple warnings from Yield Protocol to close positions and withdraw funds following its shutdown in December 2023, an unknown attacker capitalized on a discrepancy between pool token balance and total supply to execute the theft.

Hackers Exploit Smart Contract Vulnerability, Draining Funds from Yield Protocol

Los Angeles, CA – April 10, 2024 – A sophisticated hacking operation has targeted the defunct decentralized finance (DeFi) lending protocol Yield Protocol, resulting in the theft of approximately $181,000 worth of crypto assets. The attack, which exploited a vulnerability in the protocol's smart contracts, has raised concerns about the security of DeFi protocols and the need for robust measures to prevent future breaches.

Yield Protocol, which shut down its operations in December 2023 due to dwindling business demand and regulatory pressures, had repeatedly advised its users to close their positions, withdraw their funds, and repay any outstanding loans. Despite these warnings, an unidentified hacker managed to breach the protocol's security and drain funds from its strategic contracts on the Arbitrum blockchain.

Blockchain investigation firm PeckShield first detected the hack and later confirmed by CertiK. According to CertiK's investigation, the attacker exploited a discrepancy between the pool token balance and total supply, using flash-loaned assets to withdraw additional pool tokens before the discrepancy could be corrected.

Official support for Yield Protocol ended on February 2, 2024, and given the protocol's past history of recovering from attacks, the likelihood of recovering the stolen funds seems remote.

This incident is a stark reminder of the vulnerabilities that exist within DeFi protocols, which often rely on complex smart contract systems to automate financial transactions. While DeFi protocols offer the potential for increased financial freedom and transparency, they also present a tempting target for hackers seeking to exploit weaknesses in their systems.

In March 2023, Yield Protocol was among 10 DeFi protocols that suffered losses in the wake of an attack on the noncustodial lending protocol Euler Finance. Through collaboration with Euler, Yield Protocol was able to fully recover from the flash loan attack by deploying new contracts and resetting the maturities of its fixed-yield tokens.

However, the recent attack on Yield Protocol underscores the need for continuous vigilance and collaboration among DeFi developers, security experts, and law enforcement agencies to prevent and mitigate future breaches.

Blockchain security firm Immunefi, in a recent report, noted a 23% decline in losses due to hacking and scams in the first quarter of 2024 compared to the same period in 2023. While this is a positive trend, the report identified 46 hacking incidents and 15 cases of fraudulent activities in the first quarter of this year.

The report highlighted the cross-chain bridge protocol Orbit Bridge as the most significant victim of a hacking incident, losing approximately $81.7 million.

The challenges faced by DeFi protocols in securing their systems are compounded by the constant evolution of hacking techniques and the increasing sophistication of attackers. As DeFi continues to attract users and investors, it is imperative for protocols to implement robust security measures, conduct thorough audits, and educate users on best practices for protecting their assets.

The recent attack on Yield Protocol serves as a wake-up call for the DeFi industry, emphasizing the critical importance of prioritizing security and investing in measures to prevent and respond to hacking incidents. By working together and adopting a proactive approach to security, DeFi protocols can mitigate risks and build trust among users and investors alike.