Decentralized finance platform Yearn Finance has lost almost $9 million worth of assets following a crypto heist that exploited a vulnerability in its yETH pool, reports Infosecurity Magazine.

Attackers leveraged a desynchronization issue in the yETH pool's cached storage system to facilitate repeated deposits and withdrawals via flash loans, resulting in the accumulation of residual virtual balances, according to findings from Check Point Research. After emptying the pool's LP tokens, threat actors then deposited 16 wei to trigger the weakness before exchanging newly minted yETH for underlying assets, converting the proceeds, and conducting money laundering.

"For defenders, this exploit reinforces that correctness in complex systems requires explicit handling of ALL state transitions, not just the happy path," said researchers, who noted that implementing transaction simulations and sequence-level monitoring, as well as atypical minting behavior restrictions, could have averted such a compromise.
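An added illustration of the sequence-level monitoring and atypical-mint checks the researchers recommend; it is not code from Yearn or Check Point Research. The event fields, thresholds, rule wording and sample transactions are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real chain data. Fields (all assumed):
# (tx id, action, assets in/out in wei, LP tokens minted/burned, LP supply before)
EVENTS = [
    ("tx-normal", "deposit", 10**18, 10**18, 5 * 10**20),
    ("tx-first", "deposit", 10**18, 10**18, 0),        # honest first deposit
    ("tx-odd", "deposit", 10**21, 10**21, 5 * 10**20),
    ("tx-odd", "withdraw", 10**21, 10**21, 15 * 10**20),
    ("tx-odd", "deposit", 10**21, 10**21, 5 * 10**20),
    ("tx-odd", "withdraw", 10**21, 10**21, 15 * 10**20),
    ("tx-odd", "deposit", 10**21, 10**21, 5 * 10**20),
    ("tx-odd", "withdraw", 15 * 10**20, 15 * 10**20, 15 * 10**20),  # supply -> 0
    ("tx-odd", "deposit", 16, 10**24, 0),               # dust in, huge mint
]

MAX_CYCLES = 2       # assumed: deposit->withdraw round trips tolerated per tx
MAX_MINT_RATIO = 10  # assumed: LP minted per wei deposited into an empty pool

def flag_transactions(events, max_cycles=MAX_CYCLES, max_ratio=MAX_MINT_RATIO):
    """Return {tx: set of reasons} for transactions that break either rule."""
    by_tx = defaultdict(list)
    for tx, *rest in events:
        by_tx[tx].append(rest)
    alerts = {}
    for tx, steps in by_tx.items():
        reasons, cycles, prev = set(), 0, None
        for action, assets, lp, supply_before in steps:
            if prev == "deposit" and action == "withdraw":
                cycles += 1
            # Mint into an empty pool should track the deposit, not dwarf it.
            if action == "deposit" and supply_before == 0 and lp > assets * max_ratio:
                reasons.add("disproportionate mint into empty pool")
            prev = action
        if cycles > max_cycles:
            reasons.add("repeated deposit/withdraw cycles in one transaction")
        if reasons:
            alerts[tx] = reasons
    return alerts

if __name__ == "__main__":
    for tx, reasons in flag_transactions(EVENTS).items():
        print(tx, sorted(reasons))
```

The same two rules can run against a pre-execution simulation of a pending transaction, so a violating sequence is rejected rather than only alerted on.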




