November 16, 2024

After Yearn exploit, attacker funds frozen and reimbursement plans developing

Seized funds bring the damage down to $9 million as multiple communities ponder the next step in reimbursing user funds

Following an exploit last night that cost yield vault project Yearn.finance $11 million in stablecoin DAI, crypto community members from multiple projects have rallied to mitigate the effects, reclaim exploited funds, and reimburse affected users. 

First reported by the project at 5:09 pm EST, the exploit was a complex arbitration attack on Yearn’s version 1 DAI yield vault. According to a disclosure published by Yearn this morning, the exploit — which featured over 160 nested transactions and has been called one of the most complex to date — netted the attacker $2.7 million in profits, and cost the vault $11 million in DAI.

But just as Yearn core contributors are often among those who convene after other projects suffer exploits, the crypto community is stepping in to help.

Shortly after the vulnerability disclosure, Paolo Ardoino, CTO of stablecoin Tether, announced in a tweet that the company had frozen $1.7 million in stolen funds, which will presumably be returned to the project.

Likewise, senior Yearn core developer Banteg has informally proposed to the MakerDAO community the creation of a purpose-built collateralized debt position (CDP) to make affected users whole. 

If the proposal moves forward, the CDP will be funded from the 6666 YFI tokens that were minted this morning after a rancorous debate about the creation of a Yearn treasury.

“We are contemplating opening a cdp with the minted yfi to make the vault whole,” Banteg wrote in the MakerDAO chat shortly after the exploit last night. “Share price can be reverted back by airdropping 11m dai to it.”

In a statement to Cointelegraph, semi-anonymous core contributor Tracheopteryx noted that the proposal is one among many “initial ideas,” and that “nothing has been decided yet.”

“Many people in our community are brainstorming potential responses to the 11M yDAI vault exploit last night […] One option is to open a new CDP at Maker for YFI, deposit some of our newly minted tokens, mint DAI, then pay that DAI into the yDAI vault. After this we could pay off the debt over time from fees,” he said.

So far, the MakerDAO community seems to back the idea. An informal poll of 28 voters shows 93% support for the creation of a CDP. Likewise, commentators in MakerDAO’s chat noted the potential marketing benefits of stepping in to assist another DAO, as well as the historic nature of such a proposal.

The historical implication seemed to particularly excite Banteg:

“daos bailing out daos is the future we deserve.”
