YIEDL, an AI-based crypto trading platform, is the latest target of a security breach, with hackers leveraging the opportunity to steal $157,000 worth of several crypto assets across multiple transactions.
According to blockchain security platform Cyvers, the attackers exploited a flaw in the YIEDL contract’s “redeem function.” For context, this function facilitates the management of asset exchange or retrieval under designated conditions.
Notably, the exploit affected the contract of YIEDL’s Y-BULL vault on the BNB Smart Chain. Cyvers’ security analysts confirmed that the perpetrators deployed a malicious contract targeting the Y-BULL smart contract, which resulted in the withdrawal of multiple assets.
The withdrawals began today at 01:24 UTC and persisted until 02:22 UTC, with the malicious actors pulling out nearly $160,000 in Ethereum (ETH), Binance-pegged Bitcoin (BTCB) and USDC. They then leveraged PancakeSwap to liquidate the loot for BNB, on-chain data shows.
The incident comes barely 24 hours after YIEDL announced the launch of the Y-BULL spot vault on the BSC network. In the disclosure, they advised that while the Y-UP on the OP and Synthetix protocol will remain operational until further restructuring, users could transfer their holdings to the new Y-BULL on BSC to save fees.
The team behind the protocol has now confirmed the hack, noting that they are still investigating the cause of the incident. They advised network participants against interacting with the recently-released BSC Y-BULL smart contract.
This recent exploit comes amid a growing surge in crypto-related hacks. Crypto.news reported last week that Hedgey Finance, a blockchain infrastructure provider, suffered a similar exploit, resulting in a loss of $44.7 million. On April 15, Grand Base, a defi protocol on Base, lost $2 million to hackers.
