The tweet, posted at around 5 PM Eastern US time, states: "We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow."
Yearn developer banteg, one of the administrators of the DeFi project's website, followed with a few more details: "Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate."
The suspected exploit involved 160 "nested transactions," pointed out Aave founder and CEO Stani Kulechov.
The trading price for the YFI governance token fell sharply on the news, plummeting from $34,700 to $30,500 in minutes (though it's since rebounded slightly).
Yearn aggregates DeFi lending protocols such asand to make sure users get the best return on their loan.
Update: An earlier version of this story claimed that $14 million was taken from yearn.finance. The actual number was closer to $11 million.