According to on-chain analyst PeckShield (@PeckShieldAlert), a user’s Alchemix Yearn yvVault position (token: $yvWETH) was compromised, resulting in an estimated loss of $1 million. The attack originated from the user previously approving an unverified contract (contract address: 0x143a), which was deployed 10 days ago. Reverse-engineering analysis revealed that the contract contained a vulnerability enabling arbitrary call execution. The attacker exploited this flaw to successfully transfer the victim’s yvVault position. PeckShield has now publicly disclosed the specific logic of the vulnerability. Users are advised to review and revoke token approvals granted to unknown or unverified contracts to mitigate asset risk.
Alchemix yvVault user loses $1M after unauthorized contract attack
TechFlowShare
Summary
A user holding Alchemix Yearn yvVault positions ($yvWETH) lost approximately $1 million following a misauthorized contract exploit. The contract (0x143a), deployed 10 days ago, contained a vulnerability that allowed arbitrary function calls. PeckShield detailed the exploit and advised users to revoke token approvals granted to unknown contracts. Amid pressure on altcoins, the incident underscores the risks present in today’s fear and greed index environment.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.