{"id":88350,"date":"2023-12-16T20:49:58","date_gmt":"2023-12-16T18:49:58","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=88350"},"modified":"2025-09-13T17:31:28","modified_gmt":"2025-09-13T14:31:28","slug":"defi-bulletin-tvl-tops-50-billion-yearn-finance-loses-1-4-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/defi-bulletin-tvl-tops-50-billion-yearn-finance-loses-1-4-million\/","title":{"rendered":"DeFi Bulletin: TVL tops $50 billion, Yearn Finance loses $1.4 million"},"content":{"rendered":"

The decentralised finance (DeFi) sector continues to attract heightened attention from crypto investors. ForkLog has compiled the key developments and news from recent weeks in this digest.<\/p>\n

Key DeFi sector metrics<\/strong><\/h2>\n

The value of total value locked (TVL) in DeFi protocols rose to $51.5 billion. Led by Lido with $20.7 billion, the second and third spots are held by Maker ($8.4 billion) and JustLend ($6.5 billion), respectively.<\/p>\n

\"Snimok-ekrana-2023-12-16-v-12.47.33\"
Data: DeFi Llama<\/a>.<\/figcaption><\/figure>\n

TVL in Ethereum applications \u0432\u044b\u0440\u043e\u0441<\/a> to $28.4 billion. Trading volume on decentralised exchanges (DEX) over the last 30 days \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b<\/a> $77.1 billion.<\/p>\n

Uniswap continues to dominate the non-custodial exchange market \u2014 it accounts for 55.7% of total turnover. The second DEX by volume is PancakeSwap (15.1%), the third is Trader Joe (8%).<\/p>\n

OKX DEX suffered an exploit worth $2.76 million<\/a> in what PeckShield analysts described as damage stemming from an alleged leak of the proxy-server administrator private key.<\/strong><\/h2>\n

According to SlowMist, during a swap on the platform users authorize a TokenApprove contract, which then transfers the user’s tokens.<\/p>\n

The ClaimTokens function enables a trusted DEX proxy server to call it. The servers are run by administrators who can modify the smart contract at will.<\/p>\n

On December 12, the owner of one of the servers updated it, allowing direct invocation of ClaimTokens to transfer users’ tokens. The attacker exploited this vulnerability.<\/p>\n

Yearn Finance loses $1.4 million due to a transaction error<\/strong><\/h2>\n

As a result of an ‘erroneous scenario’ multisig<\/a>-transaction, DeFi protocol Yearn Finance lost<\/a> 63% of treasury funds in the yCRV LP pool.<\/p>\n

The incident occurred during the ‘routine process of converting fee tokens’ and led to the exchange of 3,794,894 yCRV for 779,958 yvDAI. The team clarified that losses amounted to $1.4 million.<\/p>\n

The yCRV liquid-staking<\/a> token presents Curve CRV in the protocol’s pool. The project allocates funds within the structure to maintain liquidity and earn revenue from fees.<\/p>\n

However, due to a glitch in the exchange script for the DEX CoW Swap, all treasury funds were sent to a single one of the protocol’s largest pools. The trade caused significant price slippage, which ‘arbitrageurs and other market participants’ exploited.<\/p>\n

Developers explained that the erroneous transfer of the entire Yearn Finance balance in the pool was one of 30 orders executed via multisig transaction<\/a>. This hindered manual oversight, and the swap script ‘lacked sufficient withdrawal checks and contained a logic error’ in capping the swap size.<\/p>\n

To prevent similar incidents, Yearn Finance adopted a series of safeguards, including:<\/p>\n