
Yearn Finance
Hacked · DeFi · $YFI · ✝ 2023
Old, misconfigured vaults bit back years later.
Yearn Finance is a veteran Ethereum yield-aggregation protocol that suffered multiple incidents. In April 2023, a misconfiguration in a legacy iearn token, combined with flash loans, led to roughly $11.5M being minted and drained across the affected exploits.
- Peak: ~$11.5M stolen (largest hit)
- Cause: Hacked
- Year of death: 2023
☠️ Cause of death
A misconfigured legacy vault token let an attacker use flash loans to mint a vastly inflated balance and swap it out across pools.
📓 Lessons left behind
- Deprecated contracts left live remain a standing liability.
- Audit and retire legacy deployments; do not just abandon them.
- Misconfiguration, not just code bugs, drains protocols.
🌱 The idea that survived
Legacy contract hygiene
Reinforced auditing, pausing, and retiring deprecated on-chain deployments.
#defi #flash-loan #misconfiguration #ethereum