BarnBridge Governance Attack Drains $776K via Malicious Proxy Upgrade
2026-07-15 14:28

Woofun AI reports that the BarnBridge SMART Yield cUSDC protocol on Ethereum suffered a governance attack causing approximately $776,000 in losses. The attacker acquired DAO governance rights and upgraded the SmartYield/controller proxy to a malicious implementation contract. This contract invoked the _takeUnderlying privileged function of CompoundProvider, leveraging pre-existing USDC approvals from 50 user accounts to transfer aggregated funds to the attacker via transferFees.

Disclaimer: Views are the author's own and do not represent the platform. Do not reproduce without permission. Content is for reference only, not investment advice. Trade at your own risk.
Tags:
USDC
BarnBridge
SMART Yield
SmartYield
CompoundProvider
Ethereum
Share:
back