Yearn Finance, a DeFi platform, was the victim of a flash loan attack in which the hacker withdrew millions of dollars. According to a Thursday report from blockchain security company PeckShield, the Aave V1 liquid protocol is the focus of the hack. The Yearn security team is aware of the problem and is developing a solution.

In a later tweet, PeckShield said that the misconfigured yUSDT, which is exploited to create large amounts of yUSDT from just $10K USDT, is most likely the primary reason. The enormous yUSDT is then converted to other stablecoins and cashed out. Aave's involvement in the hack remains to be confirmed, though.

According to Beosin Alert, the Yearn Finance hack resulted in a total loss of around $11,539,783. The wallets where Yearn Finance money was stolen the most, according to the blockchain security platform, were also identified. Additionally, it verified withdrawals from Aave Lending Pool Core V1 of 996k USDC, 570k DAI, and 241k USDT.

Stablecoins worth around $11.6 million were stolen by hackers, including 61K USDP, 1.5M TUSD, 1.8M BUSD, 1.2M USDT, 2.58M USDC, and 3M DAI. The hackers borrowed 634 ETH from AAVE and transferred 1.5 million TUSD to them. Following that, they exchanged some stablecoins for 600 ETH after transferring 1,000 ETH to Tornado Cash.

Yarn Finance Hack Does Not Impact Aave :

Samczsun, a crypto researcher, asserted that Yearn Finance's implementation of USDT, known as yUSDT, has been flawed ever since it was introduced about three years ago. He said that it had been "misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token."

The Aave team acknowledged use of the Aave V1 protocol, which was unaffected by the breach. Stani Kulechov, CEO of Aave, confirmed this on Twitter.