Yearn Finance has suffered an exploit in one of its DAI lending pools, according to the decentralized finance (DeFi) protocol’s official Twitter account.
The dollar value of the exploit is still unknown, although Yearn Finance shows percentage losses for the vault in the triple digits.
An Aave flash loan was used to trigger the vault draining, according to an Ethereum address presumed to be associated with the exploit.
Users in the Yearn Discord and Telegram channels began reporting drains. At 4:38 p.m. ET in the Yearn Discord server, Jeffrey Bongos wrote, “Anyone know why v1Dai vault is showing that I’ve lost thousands of Dai in the last few minutes?”
At a little after 5 p.m. ET, the front end of the v1 vaults on the Yearn website showed a loss of 1059%.
At 5:14 p.m. ET, banteg, from the Yearn team, posted in Discord: “Attacker got away with 2.8m, dai vault lost 11.1m.”
Yearn’s YFI governance token had a price drop of $4,000 on the news. Just after the attack became public, the UniWhales Twitter account reported a large sale of YFI for ETH:
This is a developing story and will be updated.