Yearn Finance’s $9M Oopsie: How 16 Wei Became 235 Septillion yETH Tokens!
Check Point Research reveals a flaw in Yearn Finance’s yETH pool allowed an attacker to mint 235 septillion yETH tokens after depositing just 16 wei, worth $0.000000000000000045. Exploiting desynchronized virtual balances, the perpetrator creatively turned a tiny deposit into $9 million in assets, proving crime sometimes does pay—if you’re a coding genius.
Hot Take:
Yearn Finance might have just set a new world record for the most zeroes ever printed on a fraudulent banknote. Who knew you could mint 235 septillion yETH tokens by depositing less than the cost of a sneeze? Looks like Ethereum needs more than just virtual currency; it might require a virtual reality check!
Key Points:
- An attacker exploited a vulnerability in Yearn Finance’s yETH pool to mint 235 septillion yETH tokens.
- The flaw was due to a reset error in the pool’s cached storage system.
- The attacker used flash loans and virtual balance manipulation to pull off the heist.
- About $9 million in assets were drained as a result of this exploit.
- Security experts emphasize the need for better handling of complex systems and transitions to prevent such breaches.
Already a member? Log in here