Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack

Published at: Feb. 9, 2021

Major decentralized finance protocol Yearn.Finance (YFI) has restored its yDAI vault in the aftermath of a $11 million exploit by hackers.

Yearn announced Tuesday that they opened a Maker vault with YFI tokens from the treasury and minted 9.7 million DAI tokens from the vault to keep the yDAI vault intact. Using borrowed money allows the project to reimburse users without taking a hit to the treasury, either due to possible YFI appreciation or by gradually repaying the debt with protocol revenue. The team said that this is a one-off occurrence, as they expect users to hedge their own risks by purchasing coverage from Yearn ecosystem member Cover, which also got hacked recently.

yDAI vault restored!Yearn has opened a Maker Vault with YFI from the Treasury to mint 9.7m DAI and make the yDAI vault whole.It was done as a one-off celebration of going through this DeFi rite of passage. Don’t count on it happening again. Make sure to buy Cover next time. pic.twitter.com/6xNh3XEVYZ

— yearn.finance (@iearnfinance) February 9, 2021

The yDAI vault’s exploit was accompanied with a 15% crash in the price of Yearn Finance’s governance token in less than two hours, with YFI subsequently dropping from $35,000 to as low as $29,600. At the time of writing, YFI is trading at $31,747, down 2.4% over the past 24 hours.

Despite the brief crash, the total value locked in Yearn remained somewhat steady, with its TVL staying above the levels of January 2021 and December 2020. At publishing time, Yearn’s TVL amounts to $481.8 million, up around 1% over the past 24 hours, according to data from DeFi Pulse. Yearn is the 14th largest DeFi protocol by TVL at the time of writing.

The restoration of yDAI vault comes a couple of days after Yearn reported that its V1 version of yDAI vault was exploited by a hacker on Feb. 4. The exploit reportedly caused a loss of $11 million, though the attacker failed to reap most of the loot, with just 513,000 DAI and $1.7 million USDT going to the perpetrator.

As previously reported by Cointelegraph, Yearn.finance core core contributors and community members submitted and passed a proposal to increase the supply of YFI by 6666 tokens, or about $225 million at the time of proposal. The proposal is part of a wider discussion about incentives for DeFi developers, with the Yearn.finance community feeling like its contributors were not being properly incentivized amid much larger war chests from competitors.

The latest exploit is not the first attack targeting Andre Cronje-backed DeFi protocols. In September 2020, Eminence, an unreleased project being built by Yearn’s Andre Cronje, suffered a $15 million exploit.

Tags
Related Posts
Cream Finance to repay stolen Ether and Amp via protocol fees
Decentralized finance (DeFi) protocol Cream Finance will pay back its users following a $18.8 million flash loan hack that occurred on Aug. 30. Cream has published a post-mortem to the AMP flash loan exploit, promising to replace the stolen Ether (ETH) and Amp (AMP) tokens by allocating 20% of all protocol fees until the debt is paid entirely. Cream will also post collateral with relevant parties at AMP and its creators, Flexa digital payments network, to secure the debt. According to the post-mortem report, the latest flash loan exploit was the first time Cream Finance has suffered a direct exploit, …
Decentralization / Sept. 1, 2021
​​Cream Finance DeFi platform loses $19M in a flash loan hack
Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a severe exploit, with a hacker stealing nearly $19 million from its platform. An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp token, according to an investigation by blockchain security firm PeckShield. Announcing the news Monday, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the Amp token. “No other markets were affected,” Cream Finance stated. C.R.E.A.M. v1 market on …
Decentralization / Aug. 30, 2021
Furucombo to issue iouCOMBO tokens to repay victims of $15M exploit
Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds. Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool. Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to …
Technology / March 9, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Security firms are making it more difficult for scammers to get away with DeFi project hacks
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace. Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit …
Adoption / Feb. 23, 2022