The developers of the DeFi protocol Yam Finance prevented a cyber attack aimed at transferring control over the project’s reserves to an unknown third party.
According to the team, the attack, which began on June 7, was discovered two days later. The delay is because the hacker presented a proposal to control the protocol using internal transactions.
The malicious offer contained an unverified smart contract designed to transfer control of Yam Finance's reserves to an address associated with the attacker's wallet. If the attacker had managed to gather a quorum for the proposal to be accepted by a majority of the community, he would have gained access to Yam Finance assets worth $3.1 million.
The protocol team faced a similar attack in December 2021.
Trending: Google's Parent Company Alphabet Is the Leader in Crypto Investments
The incident comes amid a struggle to manage the Yam Finance ecosystem associated with the project's vault. The current model was approved by more than 54%, but now some members of the community have put forward a proposal to re-vote.
Yam Finance emerged during the early DeFi boom in the summer of 2020. Two days after the start of the project, the price of the native token collapsed by 99% per day. The reason was a discovered vulnerability in the protocol management system.
Recall that in March, the Ronin sidechain involved in Axie Infinity was subjected to a hacker attack. The attackers withdrew crypto assets worth about $625 million. The hack was the largest in the history of the DeFi segment.
Trending: Ethereum Active Addresses Dropped to a 4-Month Low
Later, experts found that spyware was used in the attack on Ronin.