Bitcoin

Yearn Finance V1’s legacy Yearn TUSD vault hacked

Yearn Finance V1’s legacy Yearn TUSD vault hacked

The post Yearn Finance V1’s legacy Yearn TUSD vault hacked appeared on BitcoinEthereumNews.com.

A legacy version of the decentralized finance protocol Yearn has suffered an exploit, reviving concerns about misconfigured and immutable smart contracts that have held funds on the network years after being deprecated. In an X post on Wednesday, Security firm PeckShield reported YearnFinanceV1’s hack resulted in losses of about $300,000. The stolen funds were swapped into 103 Ether and now sit at address 0x0F21…4066, according to Etherscan images shared by the firm. #PeckShieldAlert YearnFinanceV1 @yearnfi has suffered an exploit, resulting in a total loss of ~$300K. The exploiter has swapped the stolen funds for 103 $ETH, which now sit in the address: 0x0F21…4066. pic.twitter.com/KeyfTLKRHx — PeckShieldAlert (@PeckShieldAlert) December 17, 2025 The hackers took advantage of an outdated Yearn vault tied to TrueUSD, known as the “iearn TUSD vault,” which is still deployed on Ether despite being superseded by newer versions. A configuration flaw helped the attackers manipulate share prices through several transactions. Yearn Finance misconfigured vault triggered price manipulation  According to an analysis from pseudonymous crypto researcher and University of Science and Technology of China alumnus Weilin Li, the vault configured one of its strategies as a Fulcrum sUSD vault and calculated its share price using only the sUSD balance deposited. This opened the door to so-called “donation attacks,” in which an attacker transfers assets directly into a vault to distort accounting metrics. After sending Fulcrum sUSD tokens into the Yearn TUSD vault, the perpetrators were able to artificially inflate the vault’s reported share price. The issue was compounded by a rebalance function that withdraws all underlying assets in sUSD, an asset not included in the vault’s share price calculations. When the rebalance started, the vault’s share price tanked steeply and created a “price shock.” Per PeckShield Alert’s Etherscan snapshot, the attacker executed sequenced flash loans by firstly borrowing large…

Read More

Related Posts

Naoris Protocol Wins “Best DePIN Crypto Project”

Naoris Protocol Wins “Best DePIN Crypto Project”

Veteran Analyst Explains Why Bitcoin Is Not Pumping

Veteran Analyst Explains Why Bitcoin Is Not Pumping

US jobs data confirms downside risks – ING

US jobs data confirms downside risks – ING

ProBit Global Lists NuCoin (NUC), Powering AI-Driven Real-World Asset Tokenization

ProBit Global Lists NuCoin (NUC), Powering AI-Driven Re...

SaucerSwap Unveils Redesigned Platform and New Brand Identity for Hedera DeFi

SaucerSwap Unveils Redesigned Platform and New Brand Id...

Spot Bitcoin ETFs see $358M outflow: Are investors really abandoning BTC?

Spot Bitcoin ETFs see $358M outflow: Are investors real...