A user of Alchemix's Yearn yvVault has suffered a $1 million loss following an unauthorized contract attack. On-chain analyst PeckShield identified that the breach occurred after the user approved an unverified contract, deployed 10 days prior, which contained a vulnerability allowing arbitrary call execution. The attacker exploited this flaw to transfer the user's yvVault position. PeckShield has disclosed the vulnerability's logic and advises users to revoke token approvals to unverified contracts to protect their assets.
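One way to act on the revocation advice, as an added example that is not from PeckShield, Alchemix or Yearn: replay ERC-20 `Approval` event logs for a wallet and list the allowances that are still live for spenders outside a set the caller treats as verified. It assumes the approval involved is a standard ERC-20 allowance and that logs arrive in the `eth_getLogs` JSON shape; the helper names, addresses and log entries are constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs):
    """Return {(token, owner, spender): amount} after replaying logs in chain order."""
    state = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 reuses this topic with three indexed fields (4 topics); skip those.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)   # approve(spender, 0) revokes the allowance
        else:
            state[key] = amount    # a later approval overwrites the earlier one
    return state

def risky_approvals(logs, verified_spenders):
    """Live allowances whose spender is absent from the caller's verified set."""
    verified = {a.lower() for a in verified_spenders}
    return [
        {"token": t, "owner": o, "spender": s, "unlimited": amt == UNLIMITED, "amount": amt}
        for (t, o, s), amt in sorted(live_allowances(logs).items())
        if s not in verified
    ]

def make_log(block, idx, token, owner, spender, amount):
    """Build one constructed log entry in eth_getLogs shape."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

# Constructed sample data (deliberately out of order); not values from the incident.
TOKEN, OWNER, VERIFIED, UNVERIFIED, OLD = ("0x" + c * 20 for c in ("aa", "11", "22", "33", "44"))
SAMPLE_LOGS = [
    make_log(110, 1, TOKEN, OWNER, UNVERIFIED, UNLIMITED),  # still live, unverified spender
    make_log(100, 0, TOKEN, OWNER, VERIFIED, UNLIMITED),    # still live, verified spender
    make_log(105, 0, TOKEN, OWNER, OLD, 0),                 # revokes the approval below
    make_log(101, 2, TOKEN, OWNER, OLD, 500),
]
print(risky_approvals(SAMPLE_LOGS, [VERIFIED]))
```

Tokens are not required to emit `Approval` when `transferFrom` spends an allowance, so the replayed amount is an upper bound; confirm with the token's `allowance(owner, spender)` before deciding what to revoke.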