YIEDL, an AI-based crypto trading platform, is the latest target of a security breach, with hackers stealing $157,000 worth of several crypto assets across multiple transactions.
According to blockchain security platform Cyvers, the attackers exploited a flaw in the YIEDL contract’s “redeem function.” For context, this function facilitates the management of asset exchange or retrieval under designated conditions.
🚨ALERT🚨 Our system has detected multiple suspicious transactions involving @yiedlai.
The root cause appears to be a vulnerability in the redeem function.
The attacker has gained around $157K from multiple transactions, with funding provided by @ChangeNOW_io.
Additionally, our… pic.twitter.com/LrPL6ULvTu
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 24, 2024
Notably, the exploit affected the contract of YIEDL’s Y-BULL vault on the BNB Smart Chain. Cyvers’ security analysts confirmed that the perpetrators deployed a malicious contract targeting the Y-BULL smart contract, which resulted in the withdrawal of multiple assets.
The withdrawals began today at 01:24 UTC and persisted until 02:22 UTC, with the malicious actors pulling out nearly $160,000 in Ethereum (ETH), Binance-pegged Bitcoin (BTCB) and USDC. They then leveraged PancakeSwap to liquidate the loot for BNB, on-chain data shows.
The incident comes barely 24 hours after YIEDL announced the launch of the Y-BULL spot vault on the BSC network. In the disclosure, they advised that while the Y-UP on the OP and Synthetix protocol will remain operational until further restructuring, users could transfer their holdings to the new Y-BULL on BSC to save fees.
The team behind the protocol has now confirmed the hack, noting that they are still investigating the cause of the incident. They advised network participants against interacting with the recently released BSC Y-BULL smart contract.
This recent exploit comes amid a growing surge in crypto-related hacks. Crypto.news reported last week that Hedgey Finance, a blockchain infrastructure provider, suffered a similar exploit, resulting in a loss of $44.7 million. On April 15, Grand Base, a DeFi protocol on Base, lost $2 million to hackers.