Hacker exploits flash loan, leaking $181,000 from abandoned Yield Protocol

Over $181,000 of cryptocurrency portfolio has been lost through malicious attacks targeting the strategic contracts Yield Protocol. This event might be regarded as the latest DeFi security drawback. The assault was a buttoned-down offensive on the smart contracts of the tagged Yield Protocol on the Arbitrum blockchain. The attack was done even after a protocol stopped running its operations.

Inside the Yield Protocol Breach

Blockchain investigation company Peckshield first noticed the incident, which was then disclosed by the digital asset security platform – CertiK. The hacker stole the funds through a vulnerability that disrupted the pool token balance and the total supply. 

Hi @yield, you may want to a look (w/ $181K) pic.twitter.com/wbzVgrvyyy

— PeckShield Inc. (@peckshield) April 30, 2024

The hacker enlisted the help of flash-loaned assets to steal even more pool tokens. The concerned hacker executed this sophisticated maneuver, which enabled the withdrawal of funds from the attacked contracts, causing the entity to experience significant damages. Though the Yield Protocol might have had its share of obstacles, the vision and perseverance of the participants gave them the strength to overcome them.

Yield Protocol shut its doors in December of 2023; the reasons cited were regulatory encumbrance and the deteriorating market demand. To its credit, this just-released data confirms repeated advisories to investors to exit their positions and get back their money. It nonetheless points to some existing security issues where investors may fail to comply. The nod of acceptance from the Yield Protocol was terminated by February 2024, and this uncertainty gives room for doubt if the fund would be recovered.

Flash loan attacks are the most common way of exploiting vulnerabilities in DeFi.

Currently, this event is not the first platform to take advantage of the flash loan feature of the DeFi. In March 2023, Yield Protocol and some other DeFi platforms were victims of an attack on the ERFLA. By July 2023, managing to overcome the Euler flash loan attack that hit Yield Protocol, the recent breach points to the need for better security solutions as DeFi ecosystems keep growing and becoming complex.

Report Reveals Decline in Crypto Breaches

However, recent studies showing reduced losses to hacking and fraud from the 2023-2024 first quarters reported by Immunefi blockchain security company prove that such breaches are not a matter of fact. The report displays a difference of (23%) in losses, where $336.3 million was lost in Q1 2024 as distributed in hacking and fraud incidents, as the prior cases of Q1 2023 were recorded to be approximately $437.5 million. Nevertheless, the podcast alleges some prevalent weaknesses of the web3 space, where the hackers prey on different protocols for financial gain.

Source: Immunefi blockchain

The study conducted by Immunefi reports 61 security issues and frauds within the web3 sector during Q1 2024, in addition to successful and fake breakthroughs. Remarkable occurrences include the robbery at Orbit Bridge, which cost $26.4 crores, and another incident on Munchables, which cost $62.8. These incidents confirmed the considerable financial risk associated with the advancement of technologies and decentralized platforms.

The loss of property due to the exploitation of Yield Protocol strategy contracts represents a current problem attacking the security of DeFi platforms, and investors’ appearance is very weak. However, the complete retooling of security measures and regulatory compliance caused by the speed of the evolution of blockchain technology produces new opportunities and risks for the participants of decentralized finance.