Yearn Finance Hack 2021 — $11M Exploit Analysis

Yearn Finance's DAI v1 vault was exploited via a complex multi-protocol flash loan attack, draining approximately $11M.

Details

Full Description

An attacker exploited Yearn's v1 DAI vault using a sophisticated flash loan attack involving multiple DeFi protocols (dYdX, Aave, Compound, Curve, MakerDAO). The attack manipulated Curve's 3pool balance to extract profit from Yearn's vault strategy, which relied on Curve for yield. The exploit required 11 steps and deep DeFi protocol knowledge.

Laundering Analysis

Stolen DAI converted to ETH and routed through Tornado Cash. Yearn Finance issued a post-mortem and compensation plan for vault depositors. The protocol suffered a net loss but the team covered some losses via the treasury. No attacker identification was made public. Funds fully laundered via mixer.

Sources

Transaction Hashes

Related Hacks

Back to Browse