YIEDL, an AI-driven cryptocurrency trading platform, recently suffered a significant security breach, resulting in the theft of $157,000 worth of various cryptocurrencies. The breach was executed by exploiting a vulnerability in the “redeem function” of YIEDL’s smart contract, specifically affecting the Y-BULL vault on the BNB Smart Chain. This function is critical as it manages the exchange or retrieval of assets under specified conditions. The attack was confirmed by blockchain security firm Cyvers, which noted that the attackers deployed a malicious contract to withdraw multiple assets including Ethereum (ETH), Binance-pegged Bitcoin (BTCB), and USDC.
The series of unauthorized transactions occurred over the span of about an hour, starting at 01:24 UTC and ending at 02:22 UTC. The hackers managed to siphon off nearly $160,000 in cryptocurrencies and subsequently used PancakeSwap, a decentralized finance (DeFi) platform, to convert these assets into BNB (Binance Coin). This method of liquidating stolen assets is common among cybercriminals to avoid tracing and increase the difficulty of asset recovery by the victims.
This incident comes on the heels of YIEDL’s announcement about the launch of the Y-BULL spot vault on the BSC network. In their disclosure, YIEDL highlighted the operational efficiencies and lower fees associated with transferring holdings to the new Y-BULL smart contract on the BSC, yet this announcement was swiftly followed by the hack. The timing suggests that attackers may have taken advantage of the transition period and the influx of new or moved assets.
Following the breach, YIEDL has confirmed the hack and is currently investigating the cause of the incident. They have advised users and network participants to avoid interacting with the compromised Y-BULL smart contract on the BSC until further notice. This event underscores the ongoing vulnerabilities in the crypto space, especially in newer or recently modified digital platforms. As the crypto industry continues to face such security challenges, it emphasizes the need for enhanced protective measures and vigilant monitoring of network activities to safeguard user assets.
