Yam Finance foils $3.1 million hack

Developers of the Yam Finance DeFi protocol thwarted a cyberattack aimed at transferring control of the project’s reserves to an unknown third party.

According to the team, the attack, which began on July 7, was detected two days later. The delay was due to the hacker presenting a governance proposal via internal transactions.

The malicious proposal contained an unverified smart contract intended to transfer control over Yam Finance’s reserves to the address of the wallet tied to the hacker. If the attacker had managed to gather quorum to pass the proposal by a community majority, they would have gained access to Yam Finance’s assets worth about $3.1 million.

The protocol team had previously faced a similar attack in December 2021.

The incident occurred amid a power struggle over the Yam Finance ecosystem, related to the project’s treasury. The current governance model was approved by more than 54%, but now some community members have tabled a proposal for a rerun vote.

Yam Finance emerged during the early DeFi boom of the summer of 2020. Two days after the project began, the price of the native token plunged by 99% in a day. The cause was a vulnerability discovered in the protocol’s governance system.

In March, the Ronin sidechain used in Axie Infinity was hacked. The attackers drained assets worth about $625 million. The breach was the largest in DeFi history.

Subsequently, experts established that the attack on Ronin used spyware.

Read ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analytics.