QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$157 000 USD
APRIL 2024
GLOBAL
YIEDL.AI
DESCRIPTION OF EVENTS

"YIEDL is a service that allows users to invest their on-chain assets in a portfolio of crypto-assets generated from crowd-sourced machine-learning forecasts."
"Invest SMARTER, not HARDER Discover YIEDL and elevate your portfolio. Trade next-gen AI-powered vaults, built for you by a community of +500 data scientists"
"We gathered the best Data Scientists in the world to build for you the best AI-powered portfolios" "1-click solution to Join the Web3 revolution. Mint, or trade Vault shares directly from your wallet" "“Not your keys, not your coins.” Funds are user-controlled, eliminating third-party fraud risk"
"We detected potential suspicious activity related to Y-BULL (Yiedl BULL)."
"According to intelligence from the SlowMist Security Team, the YIEDL project on the BSC chain was attacked, with the attacker stealing approximately $300,000. In this incident, the reason lies in the contract’s failure to adequately validate the external parameter(dataList) provided by the user during the processing of the redeem function call. This parameter is critical data for controlling asset exchanges, typically containing specific transaction instructions or routing information. The attacker maliciously constructed this external parameter, enabling unauthorized asset transfers."
"The vulnerable and exploited Y-BULL (Yiedl BULL) contract has a redeem function that allows users to exchange a specific number of shares they hold in an asset pool for a certain asset."
"The dataList parameter is used to make external calls to control asset exchange with information relating to transactions or other routing details. Due to a lack of validation in this parameter, the attacker was able to inject payloads that led to unintentioned interactions with the router contracts, leading to unauthorized asset transfers."
"The attacker repeatedly invoked a call to this redeem function, passing the `sharesToRedeem` parameter as zero."
"Hello Yiedl community, as you already know, a few days ago we suffered a hard blow on the BSC Y-BULL vault.
1. Fortunately, the funds involved in the hack are not funds belonging to community users but are company funds.
2. Funds held in other vaults (UP<DOWN, NEUTRAL) were not affected by this incident and are safe.
3. Meanwhile, investigations are still ongoing (internal and with the relevant authorities) and we will publish an incident report as soon as possible. Together with our partners we are trying to shed light on the responsibilities of all the actors involved (external auditor, internal team, end users) and we will share everything with maximum transparency.
4. As far as the project is concerned, everything remains unchanged. The competition continues without interruption"
Yiedl.ai is a platform offering access to different yield strategies, prepared by a competing council of data scientists. The platform initiatied a Y-BULL strategy, which had a vulnerability in the redeem function, allowing an attacker to exploit $157k from the smart contract. The lost funds are reportedly all company funds of Yiedl.ai, and not user funds. The protocol acknowledged the attack on Twitter and claims their launch plans are not impacted.
SlowMist Hacked - SlowMist Zone (May 17)
@SlowMist_Team Twitter (May 17)
SpotVault | Address 0x4edda16ab4f4cc46b160abc42763ba63885862a4 | BscScan
(May 17)
@yiedlai Twitter (May 17)
@PeckShieldAlert Twitter (May 17)
@unimantic Twitter (May 17)
@neptunemutual Twitter (May 17)
Taking a Closer Look at the YIEDL Exploit (May 17)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan
(May 17)
Yiedl.ai (May 17)
https://sg.linkedin.com/in/davide-capoti-2365b194 (May 17)
@SlowMist_Team Twitter (May 17)
@im23pds Twitter (May 17)
@SharpeSignals Twitter (May 17)
@dexbot Twitter (May 17)
@cryptoceannews Twitter (May 17)
@coinblogcap Twitter (May 17)
@CryptoNewsUpd8s Twitter (May 17)
@0xDrifter Twitter (May 17)
@web3_watchdog Twitter (May 17)
@Cybermaterial_ Twitter (May 17)
@mtc_terminal Twitter (May 17)
@Neome_com Twitter (May 17)
Data Science Council A New Game Changer For Yiedl Dao (May 17)
Yiedl Is The Home For Data Scientists (May 17)
