Yearn Finance DAI Vault Exploit
Summary
On February 4, 2021, an attacker exploited Yearn Finance's v1 yDAI vault using a multi-protocol flash loan to manipulate exchange rates in Curve Finance's 3pool, causing approximately $11 million in vault losses while the attacker personally profited roughly $2.8 million. Yearn Finance's security team contained the exploit within eleven minutes, preserving $24 million of the vault's $35 million under management. Yearn subsequently reimbursed affected depositors by minting 9.7 million DAI against YFI collateral in a MakerDAO vault, with the intent to repay the debt from ongoing protocol revenue.
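The containment step recorded in the timeline, setMin(0), and the unrestricted earn() root cause can be modelled in a few lines. This is an added example, not Yearn's code: the class, the keeper allow-list and the sample balances are hypothetical, and the idle-buffer formula (balance * min / 10000, default min 9500) is an assumption modelled on the public v1 vault design.

```python
# Simplified accounting model of a v1-style vault (added example, not Yearn's code).
# Assumption: earn() forwards balance * min / MAX to the strategy, default min 9500.
MAX = 10_000


class Vault:
    def __init__(self, idle, min_bps=9_500, keepers=None):
        self.idle = idle            # tokens sitting in the vault contract
        self.in_strategy = 0        # tokens already forwarded to the strategy
        self.min_bps = min_bps      # share of idle funds earn() may forward
        self.keepers = keepers      # None models the unrestricted v1 earn()

    def available(self):
        # Amount earn() is allowed to push into the strategy.
        return self.idle * self.min_bps // MAX

    def set_min(self, min_bps):
        # Governance control; set_min(0) is the containment step from the timeline.
        self.min_bps = min_bps

    def deposit(self, amount):
        self.idle += amount

    def earn(self, caller):
        # Hardened variant: only allow-listed keepers may trigger deployment.
        if self.keepers is not None and caller not in self.keepers:
            raise PermissionError("earn() restricted to keepers")
        amount = self.available()
        self.idle -= amount
        self.in_strategy += amount
        return amount


def forwarded_per_cycle(vault, caller, deposits):
    """Replay deposit+earn cycles; return what each earn() moved to the strategy."""
    moved = []
    for amount in deposits:
        vault.deposit(amount)
        moved.append(vault.earn(caller))
    return moved
```

With min at 0 every earn() call forwards nothing, so no new funds reach the strategy's pool deposit regardless of who calls it; the keeper allow-list addresses the access-control root cause independently of that switch.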
Timeline (8 events)
2020-11-05
MixBytes completes audit of Yearn.Finance protocol v1 smart contracts, finding no critical or major issues.
MixBytes Audits — GitHub
2021-02-04
Attacker begins exploit of yDAI v1 vault using flash loans from dYdX and Aave v2, borrowing against Compound to manipulate Curve 3pool exchange rates. The attack repeats across 11 transactions over approximately 38 minutes.
Yearn Finance Security Disclosure — GitHub
2021-02-04
Yearn security team responds within 11 minutes of detecting the attack, applying setMin(0) to DAI, USDC, USDT, and TUSD v1 vaults, halting further exploit cycles. Total vault loss: approximately $11 million. Attacker profit: approximately $2.8 million. Protected: approximately $24 million.
CoinDesk
2021-02-05
Yearn Finance publishes detailed post-mortem identifying three root causes: 1% slippage tolerance, 0% withdrawal fee, and unrestricted earn() access.
Yearn Finance Security Disclosure — GitHub
2021-02-08
Yearn announces plan to make vault depositors whole by opening a MakerDAO CDP with YFI treasury collateral to mint 9.7 million DAI, restoring the vault's net asset value.
The Defiant
2021-02-08
Nexus Mutual begins processing 18 insurance claims related to the yDAI hack. Ultimately 15 are approved for a total payout of approximately $2.317 million.
Nexus Mutual Documentation
Decision Log
- hash: FTXLssoBtEcy6jwSvWdSHr6hPJUxPnnYsZt12wpaAfiU
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/31/2026, 7:00:24 AM
last updated: 5/31/2026, 7:00:27 AM