TechFlow, September 17 — Yala has released a follow-up analysis report on the September 14 attack incident. The attacker exploited temporary deployment keys authorized during a cross-chain bridge deployment in August to establish an unauthorized bridge and withdraw funds. The YU token briefly depegged to $0.2 before stabilizing at $0.94. The official statement confirmed that no protocol vulnerabilities were exploited and Bitcoin reserves remained unaffected.
The hacker has returned 22.287 million YU tokens. The remaining 7.713 million YU tokens have been converted into 1,635.572 ETH, with 151.5 ETH mixed via Tornado Cash and 1,474.6 ETH distributed across 146 wallets controlled by the hacker.
Yala announced it will burn the illegally minted YU tokens on September 23 and restore the 1:1 USDC redemption rate. It will also compensate users who suffered liquidation losses due to the depegging and has already partnered with law enforcement to track down the hacker.
