Security firm PeckShield tweeted that decentralized finance (DeFi) protocols Aave and Yearn Finance were likely affected by a vulnerability this morning.
"DeFi Protocols Lose Over $11 Million"
Data shows that losses could total over $11 million.
According to PeckShield, the attack involved the flash credit attack, a type of arbitrage strategy that allows users to borrow money without collateral and repay it within the same transaction.
— PeckShield Inc. (@peckshield) April 13, 2023
Relevant Statement Received
Although it was stated from the Aave front that there might be this problem in V1 at first, it was stated that they were not affected by the problem afterwards. The description is as follows:
“We are aware of the situation and the vulnerability had no impact on Aave V2 and Aave V3. We are confirming whether it has had any impact on Aave V1, the oldest version of the protocol. We are monitoring the situation closely to ensure no further issues arise.
We can confirm that Aave V1 is also not affected."
We can confirm that Aave V1 was not impacted. More details below:https://t.co/8a7tTHuydm
— Aave (@AaveAave) April 13, 2023
Yearn Finance, on the other hand, acknowledged the attack, stating that it only occurred in older versions released in 2020.
We are aware of an issue that seems isolated to the iearn legacy protocol launched in 2020 and liquidity pool.
Yearn v2 vaults seem not to be impacted.
Yearn contributors are investigating.
Further comms to follow on main account. https://t.co/CKddWwjFj8
— Storm Blessed 0x 🇯🇵 (@storming0x) April 13, 2023
*Not investment advice.