{"id":46300,"date":"2026-06-24T11:09:39","date_gmt":"2026-06-24T11:09:39","guid":{"rendered":"https:\/\/cryptomag.finance\/?p=46300"},"modified":"2026-06-24T11:09:39","modified_gmt":"2026-06-24T11:09:39","slug":"yield-yak-follows-gitcoin-in-latest-wallet-drainer-attack","status":"publish","type":"post","link":"https:\/\/cryptomag.finance\/?p=46300","title":{"rendered":"Yield Yak follows Gitcoin in latest wallet-drainer attack"},"content":{"rendered":"<p><strong>Blockchain cybersecurity company Blockaid detected a front-end hack on the website of the decentralized finance (DeFi) yield-aggregating platform, Yield Yak, on June 24, 2026. According to Blockaid, the front-end of Yield Yak\u2019s site had been compromised by malicious wallet-draining scripts. It marks the second time in days that an attack of this nature has taken place against a major crypto exchange platform and is the latest addition to the recent trend of front-end hacks targeting major crypto platforms.<\/strong><\/p>\n<p>According to Blockaid\u2019s detection process, the subdomain vote.yieldyak.com had been compromised with code from software called \u201cEleven drainer.\u201d A wallet drainer is a type of malicious script that tricks users into sending their digital assets to an attacker through transactions the users themselves approve. The malicious code forces approval of actions or sends assets to an attacker the instant users connect their wallets, often before they realize what is happening. Neither Blockaid nor Yield Yak had provided information on the size of the losses caused by the hack at the time of publishing.<\/p>\n<h3><strong>Attacker uses a classic playbook<\/strong><\/h3>\n<p>The hack at Yield Yak resembles the compromise spotted on Gitcoin, an open-source funding platform, just a few days ago. 
<a href=\"https:\/\/x.com\/blockaid_\/status\/2068534795684946308\" rel=\"nofollow\">According to Blockaid on June 21<\/a>, files.gitcoin.co, a Gitcoin sub-domain, carried the same Eleven drainer code, and the firm warned people to stay away from the platform while it was being checked. Blockaid directly associated the two hacks, noting that the attack at Yield Yak \u201cfollows yesterday\u2019s incident on Gitcoin, which has operated in a similar way.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udea8Blockaid\u2019s system has identified a front-end attack on yieldyak[.]com by <a href=\"https:\/\/x.com\/yieldyak_?ref_src=twsrc%5Etfw\" rel=\"nofollow\">@yieldyak_<\/a>. The site\u2019s subdomain \u2013 vote[.]yieldyak[.]com now contains code of eleven drainer.<\/p>\n<p>This follows yesterday\u2019s incident on <a href=\"https:\/\/x.com\/gitcoin?ref_src=twsrc%5Etfw\" rel=\"nofollow\">@gitcoin<\/a> which has operated in a similar way <a href=\"https:\/\/t.co\/YFmWEYfa7D\" rel=\"nofollow\">pic.twitter.com\/YFmWEYfa7D<\/a><\/p>\n<p>\u2014 Blockaid (@blockaid_) <a href=\"https:\/\/x.com\/blockaid_\/status\/2069630359973539844?ref_src=twsrc%5Etfw\" rel=\"nofollow\">June 24, 2026<\/a><\/p><\/blockquote>\n<p>In both instances, sub-domains were compromised instead of the core application interfaces. The core product of Yield Yak, an auto-compounding yield farming protocol on Avalanche, runs on the primary domain. The compromised voting subdomain seems like a secondary entry point, but anyone accessing it would have run the risk of having their <a href=\"https:\/\/www.cryptopolitan.com\/cardano-wallet-crisis-users-lose-16m-ada\/\">wallet drained<\/a>.<\/p>\n<p>The lack of definite loss figures does not always mean minimal consequences. Front-end compromises usually take hours or even days to investigate, as security teams identify wallet interactions and check whether users executed malicious transactions. 
In other drainer cases this year, losses ranged from several thousand dollars to millions of dollars, depending on how many people connected wallets before the malicious code was removed. For example, in one of the Blockaid-monitored incidents, hackers took about <a href=\"https:\/\/www.halborn.com\/blog\/post\/explained-the-squidroutermodule-hack-may-2026\" rel=\"nofollow noopener\" target=\"_blank\">$3.2 million from 86 Safe wallets<\/a> using a third-party module vulnerability in May. A second example is the exploitation of liquidity provider TrustedVolumes, which led to $5.9 million in losses.<\/p>\n<h3><strong>Spike in front-end attacks<\/strong><\/h3>\n<p>The Yield Yak and Gitcoin hacks are part of a larger trend that has rattled the cryptocurrency community this year. Front-end attacks, in which an attacker compromises a project\u2019s website without affecting its smart contracts, have increased in frequency across major DeFi platforms.<\/p>\n<p>Earlier in the year, OpenEden, Curvance, and Maple Finance all suffered front-end attacks in a single week in February. Those attacks used a different drainer toolkit called AngelFerno but followed the same method: gain access to a project\u2019s web infrastructure, insert code that hijacks wallet connections, and wait for users to interact.<\/p>\n<p>Blockaid documented an even more aggressive pattern in April 2026. Following high-profile exploits at Drift Protocol, <a href=\"https:\/\/www.cryptopolitan.com\/kelp-migrates-rseth-bridge-to-chainlink-ccip\/\">KelpDAO<\/a>, and other platforms, drainer operators spun up lookalike domains within hours to intercept panicked users searching for ways to revoke token approvals. 
The firm described April 2026 as \u201cthe worst month for crypto theft on record,\u201d citing over $629 million drained across more than 20 incidents.<\/p>\n<h3><strong>What Yield Yak users should know<\/strong><\/h3>\n<p>Yield Yak is a DeFi protocol on Avalanche that auto-compounds yield farming rewards and operates a decentralized exchange aggregator, according to its listing on Alchemy. Users who deposited assets through the main platform\u2019s smart contracts are not directly affected by a front-end compromise, since the underlying contracts remain unchanged. The risk applies to anyone who visited the compromised subdomain and connected a wallet or signed a transaction.<\/p>\n<p>As of publication, neither Yield Yak nor Gitcoin had issued public statements on the status of remediation for their respective incidents. No security firm or blockchain investigator has publicly reported confirmed losses tied to the Yield Yak compromise, and there is currently no on-chain evidence indicating the scale of any potential theft. Blockaid advised users not to interact with the affected websites as the issue is being investigated and remediated.<\/p>\n<p>Users who suspect they interacted with vote.yieldyak.com should revoke any token approvals granted during the session using a trusted tool and monitor their wallets for unauthorized transfers.<\/p>","protected":false},"excerpt":{"rendered":"<p>Blockchain cybersecurity company Blockaid detected a front-end hack on the website of the decentralized finance (DeFi) yield-aggregating platform, Yield Yak, on June 24, 2026. According to Blockaid, the front-end of Yield Yak\u2019s site had been compromised by malicious wallet-draining scripts. 
It marks the second time in days that an attack of this nature has taken [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":46301,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[],"tags":[],"class_list":["post-46300","post","type-post","status-publish","format-standard","has-post-thumbnail"],"yoast_head_json":{"title":"Yield Yak follows Gitcoin in latest wallet-drainer attack - Cryptomag","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptomag.finance\/?p=46300","og_locale":"en_US","og_type":"article","og_title":"Yield Yak follows Gitcoin in latest wallet-drainer attack - Cryptomag","og_description":"Blockchain cybersecurity company Blockaid detected a front-end hack on the website of the decentralized finance (DeFi) yield-aggregating platform, Yield Yak, on June 24, 2026. 
According to Blockaid, the front-end of Yield Yak\u2019s site had been compromised by malicious wallet-draining scripts. It marks the second time in days that an attack of this nature has taken [&hellip;]","og_url":"https:\/\/cryptomag.finance\/?p=46300","og_site_name":"Cryptomag","article_published_time":"2026-06-24T11:09:39+00:00","og_image":[{"width":1000,"height":560,"url":"https:\/\/cryptomag.finance\/wp-content\/uploads\/2025\/06\/generic-crypto-image.webp","type":"image\/webp"}],"author":"Crypto Magazine","twitter_card":"summary_large_image","twitter_creator":"@cryptomagz","twitter_site":"@cryptomagz","twitter_misc":{"Written by":"Crypto Magazine","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cryptomag.finance\/?p=46300#article","isPartOf":{"@id":"https:\/\/cryptomag.finance\/?p=46300"},"author":{"name":"Crypto Magazine","@id":"https:\/\/cryptomag.finance\/#\/schema\/person\/f749cd846c4f13ef717c12a20ce9d040"},"headline":"Yield Yak follows Gitcoin in latest wallet-drainer attack","datePublished":"2026-06-24T11:09:39+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptomag.finance\/?p=46300"},"wordCount":827,"image":{"@id":"https:\/\/cryptomag.finance\/?p=46300#primaryimage"},"thumbnailUrl":"https:\/\/cryptomag.finance\/wp-content\/uploads\/Crypto-wallet-draining-scam-1-dlsqA5.webp","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cryptomag.finance\/?p=46300","url":"https:\/\/cryptomag.finance\/?p=46300","name":"Yield Yak follows Gitcoin in latest wallet-drainer attack - 
Cryptomag","isPartOf":{"@id":"https:\/\/cryptomag.finance\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptomag.finance\/?p=46300#primaryimage"},"image":{"@id":"https:\/\/cryptomag.finance\/?p=46300#primaryimage"},"thumbnailUrl":"https:\/\/cryptomag.finance\/wp-content\/uploads\/Crypto-wallet-draining-scam-1-dlsqA5.webp","datePublished":"2026-06-24T11:09:39+00:00","author":{"@id":"https:\/\/cryptomag.finance\/#\/schema\/person\/f749cd846c4f13ef717c12a20ce9d040"},"breadcrumb":{"@id":"https:\/\/cryptomag.finance\/?p=46300#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptomag.finance\/?p=46300"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptomag.finance\/?p=46300#primaryimage","url":"https:\/\/cryptomag.finance\/wp-content\/uploads\/Crypto-wallet-draining-scam-1-dlsqA5.webp","contentUrl":"https:\/\/cryptomag.finance\/wp-content\/uploads\/Crypto-wallet-draining-scam-1-dlsqA5.webp","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/cryptomag.finance\/?p=46300#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptomag.finance\/"},{"@type":"ListItem","position":2,"name":"Yield Yak follows Gitcoin in latest wallet-drainer attack"}]},{"@type":"WebSite","@id":"https:\/\/cryptomag.finance\/#website","url":"https:\/\/cryptomag.finance\/","name":"Cryptomag","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptomag.finance\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cryptomag.finance\/#\/schema\/person\/f749cd846c4f13ef717c12a20ce9d040","name":"Crypto 
Magazine","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g","caption":"Crypto Magazine"},"sameAs":["https:\/\/cryptomag.finance","https:\/\/x.com\/cryptomagz"],"url":"https:\/\/cryptomag.finance\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/posts\/46300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46300"}],"version-history":[{"count":0,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/posts\/46300\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/media\/46301"}],"wp:attachment":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}