- Decentralized finance platform Aave announced on its website that it has halted V2 operations after receiving reports of vulnerabilities in certain features.
- Some assets on Aave V2 on Avalanche and some on Aave V3 on Polygon, Arbitrum and Optimism have been frozen.
Decentralized finance (Challenge) Aave protocol announcement On November 4, a report was received on the Aave bug bounty program regarding a vulnerability that affects Aave v2 operations. Interestingly, the company has not yet disclosed many details about the vulnerability. For now, it appears that the vulnerability has not been exploited. This was simply a bug report and time-based actions have been taken to close the flaw.
Today we received a report of an issue with a certain functionality of the Aave protocol. After validation by the community developers, the guardian has taken the following temporary preventative measure (no funds are at risk).
Learn more about the report
The brief announcement reveals that there was coordination with Aave Guardian, after which it was agreed that protective measures would be taken to stop the attack vector. As a result, its Ethereum V2 marketplace was discontinued. Additionally, some assets on his V2 on Avalanche have been paused. Additionally, some assets on Aave V3 like Polygon, Arbitrum and Optimism have been frozen. It is also important to note that unaffected markets include Aave V3 markets on Ethereum, Base and Metis, as well as the V2 markets on Polygon and Avalanche. This implies that no funds are currently at risk in any of the markets according to the announcement. For now, a governance proposal will be submitted shortly to ensure the issue is resolved and operations return to normal.
A governance proposal aimed at restoring the normal functioning of the protocols will be submitted soon. A detailed autopsy will be released once the issue is fully resolved.
The team further clarified that users who provide or borrow frozen assets can withdraw or repay their positions. However, until the problem is resolved, they cannot provide or borrow more.
Previous attack on Aave and Yearn Finance
In April, PeckShield reported that hackers attacked Aave and Yearn Finance and stole $10 million. In addition to this, cryptos including BUSD, USDC, TUSD, USDT, and DAI were recovered. Aave was heavily criticized as some users threatened to withdraw funds from the platform. Founder Marc Zeller quickly observed how the attack focused on version 1 of the protocol. It was reported that the attackers were more focused on violating old protocols. Yearn Finance appears to be one of the victims.
We are aware of an issue that appears isolated to the iearn Legacy protocol launched in 2020 and the liquidity pool. Yearn v2 vaults do not appear to be impacted. Yearn contributors investigate.
Over the course of a single weekend in July, a total of $70 million was allegedly stolen from various DeFi platforms, including Curve Finance. Affected platforms also included lending protocol Alchemix, yield platform Pendle, and synthetic asset tool Metronome.
Regardless of current developments, the Aave token is up 7% over the past seven days and 0.63% over the past 24 hours. The asset is currently trading at $91.34.