Yearn Finance founder's expertimental project YCredit exploited within hours


Not long after launch, two exploits were discovered in yCredit, which risked a total loss of user funds.


yCredit, which was still in its beta phase, intended to give users 'tokenized yield credit'. After users deposited ERC-20 tokens, users would receive 99.5% USDC credit and the remaining 0.5% would be deducted as a fee and distributed to yCredit stakers.

However, the contracts were deployed whilst still in beta and without being tested or completed.

Yearn Finance founder, Andre Cronje, had put a disclaimer in a Medium article, which stated that the protocol was purely experimental and was not a speculative token. He went even further by saying that it can be economically exploited.

Despite the warnings, approximately $45,000 was deposited to the contract

Details of how the attacks were carried out have not yet been disclosed and we will continue to monitor the outcome for a review on how the attack was carried out.

The question is whether accountability would lie with the protocol for deploying when, knowing the risks, the project was still in an experimental phase, or whether users, who were warned that yCredit was at risk of being exploited, deposited their funds regardless (without the contract address being provided in the Medium article).

The Twitter community raised that it is not good practice to deploy a contract whilst it is in an experimental phase.