• Decentralized Finance platform Aave shared on its website that it has halted V2 operations after receiving reports of vulnerabilities in certain features. 

• Certain assets on Aave V2 on Avalanche, and some on Aave V3 on Polygon, Arbitrum, and Optimism have been frozen. 

Decentralized Finance (DeFi) protocol Aave announced on November 4 that a report was received on the Aave bug bounty program concerning a vulnerability that affects the Aave v2 operations. Interestingly, the company has not yet disclosed much detail surrounding the vulnerability. For now, it is reported that the vulnerability was not exploited. It was simply a bug report and temporal actions were taken to seal the loophole. 

Today we received a report of an issue on a certain feature of the Aave Protocol. After validation by community developers, the guardian has taken the following temporary prevention measure (no funds are at risk).

More on the Report

The brief announcement discloses that there was coordination with the Aave Guardian, after which it was agreed that protection measures be taken to stop the attack vector. As a result of this, its V2 Ethereum Market has been halted. In addition, certain assets on its V2 on Avalanche have been paused. In addition, certain assets on Aave V3 on the likes of Polygon, Arbitrum, and Optimism have been frozen. It is also important to note that the unaffected markets include the Aave V3 markets on Ethereum, Base, and Metis, as well as the V2 markets on Polygon and Avalanche. This implies that no funds are currently at risk on any of the markets according to the announcement. For now, a governance proposal will be submitted shortly to ensure that the issue is resolved, and operations are back to normal.

A governance proposal to restore the normal operation of the protocols will be submitted shortly. A detailed postmortem will be released once the issue is fully resolved.

The team has further clarified that users who are either supplying or borrowing from frozen assets can go on to withdraw or repay positions. However, until the issue is resolved, they cannot supply and borrow more. 

Previous Attack on Aave and Yearn Finance

In April, PeckShield reported that hackers had attacked Aave and Yearn finance and stolen $10 million. On top of that, cryptos including BUSD, USDC, TUSD, USDT, and DAI were retrieved. Aave was strongly subjected to criticism as some users threatened to remove funds from the platform. Founder Marc Zeller quickly observed how the attack was concentrated on Version 1 of the protocol. It was reported that the attackers were more focused on breaking into old protocols. Yearn Finance appeared to be one of the victims. 

We are aware of an issue that seems isolated to the iearn legacy protocol launched in 2020 and the liquidity pool. Yearn v2 vaults seem not to be impacted. Yearn contributors are investigating.

In a single weekend in July, a total of $70 million was reported to have been stolen from various DeFi platforms including Curve Finance. Platforms affected also included lending protocol Alchemix, yield platform Pendle, and synthetic asset tool Metronome. 

Regardless of the current development, the Aave token is up by 7 percent in the last seven days, and 0.63 percent in the last 24 hours. The asset is currently trading at $91.34. 

Recommended for you:

• Buy Ethereum Guide
• Ethereum Wallet Tutorial
• Check 24-hour Ethereum Price
• More Ethereum News
• What is Ethereum?