YALA Protocol USDC Hack Analysis: Recovery Speculation and Euler Losses

Key Takeaways

• Analysis of potential recovery after the $7.64 million USDC hack.
• Examination of Euler loan roles and potential inconsistencies in their utilization.
• Tracing YBTC and YU movement to identify potential culprits.
• Speculation on YALA team involvement in the hack and misappropriation of funds.
• Identification of ultimate beneficiaries of the hack and losses incurred by stakeholders.

In-Depth Analysis of YALA Protocol's USDC Hack

According to official announcements, YALA Protocol lost $7.64 million USD worth of USDC stablecoin. The team injected $5.5 million USD of its own funds and obtained additional liquidity through the Euler platform. This additional liquidity obtained through Euler is estimated at approximately $2.14 million USD.

Initial Discrepancies

The first question that arises is: if YU is minted by collateralizing YBTC, does obtaining $2.14 million USD through Euler imply that the protocol collateralized over $2.14 million USD worth of YU on Euler, which in turn is backed by at least $3 million USD of BTC? If this $3 million USD worth of BTC belongs to the YALA team, why wasn't it directly converted into USDC instead of paying high-interest rates to borrow from Euler? The two potential scenarios that come to mind are:

1. YALA may not have had enough YBTC to collateralize the YU used on Euler.
2. The actual control of the BTC corresponding to the YBTC may not be within YALA's control (e.g., a secret agreement).

Fund Recovery

The announcement also mentioned that a portion of the assets was converted to Ethereum before trading resumed, but the subsequent price decline, coupled with the funds invested by the attackers, resulted in a decrease in the actual recovery value. Here, a second discrepancy emerges: at a price of $3000 USD per ETH, the recoverable amount from the stolen funds is approximately $4.9 million USD. This means that recovered funds + own funds of $5.5 million USD > $7.64 million USD shortfall. In this case, why was the project unable to obtain additional financing or a bridge loan of $2.14 million USD in any other form? After all, the project was solvent after recovering the funds.

1. The project may not have any plans for recovery, and the recovered funds will be used to repay own funds first.
2. The creditworthiness of the planned financing may have prevented them from obtaining additional funds, or other losses far exceed $2.14 million USD.

Analysis of YBTC and YU Data

When tracing YBTC data further, it can be observed that 99% of YBTC is controlled by three addresses, which also means that 99% of YU is controlled by these four addresses. Let's temporarily name them addresses A-C. Let's analyze the behavior of each address individually:

• Address A: Minted 39.35 million YU, repaid 17 million YU, with a net debt of approximately 22 million YU, and an address balance of 2.4 million YU.
• Address B: Minted 43.57 million YU, repaid 10 million YU, with a net debt of 33.57 million YU, and an address balance of 2.77 million YU. Most of the YU from address B (approximately 30.15 million) flowed into contract 0x9593807414, which is Yala's Stability Pool. The Stability Pool currently shows total deposits of 32.8 million YU. This means that address B is also completely normal.
• Address C: Cumulatively minted 32.5 million YU, cumulatively repaid 33.3 million YU, and has already destroyed YBTC and retrieved BTC. All transaction behavior is normal.

Address A: The Potential Culprit

It is clear that the problem lies with Address A. Address A's transactions are very complex, but overall, this address net minted 28 million YU and obtained additional YU through other addresses. The majority of these YU have flowed into various protocols. From Dabank, we can see more interesting data. This address collateralized a large amount of YU and PT and borrowed a total of $4.93 million USD of USDT and USDC from Euler. It is clear that these three loans have effectively defaulted after YU dropped to $0.15 USD. Twelve days ago, this address used a small amount of USDC to purchase YALA and made partial repayments to Euler. Considering that the team mentioned "injecting $5.5 million USD" and obtained additional liquidity through the Euler platform, it is likely that this address is the team's operating address. We now know that the team obtained approximately $4.9 million USD of liquidity from Euler.

Speculation on YALA Team's Role

The following is my speculation, and it may not be accurate:

1. YALA somehow obtained approximately 500 illegal YBTC (meaning that YALA does not have real control over its corresponding 500 BTC), and used the 500 YBTC to mint 28 million YU (let's temporarily call it illegal YU). These illegal YU may have been used for other purposes in the past, such as obtaining airdrops, providing DEX liquidity, and depositing into Pendle, but this is not important. The reason I believe that 500 YBTC are illegal is very simple: if you have $50 million USD of BTC at your disposal, you would not take out a high-interest loan for funding needs of $7.64 million USD.
2. After the hackers stole 7.64 million USDC, YALA used a portion of the illegal YU to obtain a loan of $4.9 million USD from Euler, and also provided some of its own funds, in an attempt to get the protocol back on track. One problem here is that the protocol's claimed own funds of $5.5 million USD + the illegal loan of $4.9 million USD exceeds the total funding gap of $7.64 million USD, and there are many potential possibilities, such as the value of $5.5 million USD being exaggerated, or a portion of the Euler loan being returned to the $5.5 million USD provider.
3. After the hackers were arrested, due to some factors, the recoverable funds were far lower than $7.64 million USD, such as the $4.9 million USD mentioned previously (considering the disposal process, the true recoverable funds are lower). In this case, the YALA protocol will still bear a loss of over $2.7 million USD. In this case, Address A chose to default, transferring the loss to Euler, but at the cost of YALA Protocol going bankrupt and ceasing operations.
4. Who is the instigator? As mentioned previously, over 99% of YALA and YU are controlled by three addresses (plus a bfBTC depositor). Address B and Address C had no net inflows or outflows of YU, and they had nothing to do with the entire incident. BTC depositors will also not suffer losses, they only need to repay YU and retrieve their BTC. The losers are holders of YU and its derivative assets, as well as Euler depositors. These funds flowed to Address A, and the ultimate beneficiaries are the YALA team, who transferred the loss to users, and even if the team smuggles the judicially disposed $4.9 million USD, they will still profit from it. Of course, all of the above is based on the assumption being true, that is, Address A belongs to the YALA Team.