PolyYeld developers have announced that PolyYeld contract has been exploited. Hackers found vulnerability in its contract code and minted huge amount of YELD token, which is native token of PolyYeld project.
It is Titan all over again. Iron Finance was a self-inflicted design marginality that made it so whales could exploit the design for profit. It is also being said that hackers did not use anything new. They hacked PolyYeld contract code using a similar method to the fall of Cerberus, Garuda, Ketchup, Piggy, CaramelSwap and others.
For those who do not know, xYeld token contains a transfer tax and was added to pid 16 on the Yeld L1 Masterchef, which unfortunately could not support tokens with transfer taxes. The referral system minted 4.9 trillion Yeld tokens which were then dumped on the market.
The exploit could happen because they added their xYeld which has a transfer tax as a pool in their farm. We cannot predict that the devs would do this, especially after several farms have already been exploited the same way. There is no word if we will see a contract swap to undo the damages.
This is why we suggest new users to invest in older projects or invest only which they can afford to use. Most of the times, these new projects offer unreal yield per annum and things like these do not end up well.