Hacker Steals $2.8 Million from Cryptocurrency 'Vault' Despite 'Unhackable' Blockchain Security
Hacker Steals $2.8 Million from Cryptocurrency ‘Vault’ Despite ‘Unhackable’ Blockchain Security
News Ethereum Cryptocurrency
On Thursday evening, an unknown entity stole $2.8 million from a shared digital “vault” on the investment website Yearn.finance. The culprit exploited the vault using Aave, an open-source cryptocurrency platform that allows people to make “flash loans,” a rapid borrowing and repaying of money without the need for collateral.
Yearn.finance has yet to issue a full report explaining exactly what happened, but the theft may show that blockchains, a security technology behind cryptocurrency transactions once thought to be “unhackable,” actually have vulnerabilities.
To understand what happened, one must understand a little bit about how Yearn.finance works.
Yearn.finance allows its users to deposit funds in collective digital pools called “vaults.” The vaults are then handled like actively managed mutual funds, with the funds used in other “decentralized finance” or “DeFi” offerings with the goal of generating additional earnings.
Specifically, Yearn.finance bases its transactions on Ethereum, a versatile cryptocurrency that can be processed through programming codes for various functions, called “smart contracts.” Like other cryptocurrencies, Ethereum tracks all of its uses through blockchains, digital records that store information of every transaction and are verified by multiple computers in a decentralized network.
In this case, the thief exploited the vault by issuing an Aave flash loan, allowing them to quickly drain the vault before they could be stopped. An unknown person was able to steal $2.8 million from a shared digital “vault” on Yearn.Finance, a service that allows users to deposit their funds in collective digital pools. Vault funds are then used in other “decentralized finance” (DeFi) offerings with the goal of generating additional earnings for the vault’s depositors. peshkov/Getty
News of the theft first broke on Discord, a community-centered instant messaging and digital distribution platform on Thursday evening.
At 4:38 p.m., Jeffrey Bongos, a user on Yearn’s Discord server, wrote, “Anyone know why v1Dai vault is showing that I’ve lost thousands of Dai in the last few minutes?” His comment was reported by Yahoo! Finance.
Bongos’ mention of “DAI” refers to a type of “stable coin” designed to maintain 1-to-1 parity between Ethereum and the U.S. dollar. Simply put, the Ethereum pooled in the vault was expressed in U.S. dollars.
A little after 5 p.m., the Yearn website showed the vault having sustained a loss of 1059 percent. At 5:14 p.m., a member of Yearn.finance’s team wrote on Discord, “Attacker got away with 2.8m.” Read more