Yala’s dollar-pegged YU stablecoin fell sharply over the weekend, trading between $0.20 and $0.30 depending on venue, after what the team called an “attempted attack.” In statements and follow-ups, Yala said the incident was contained, that it’s cooperating with security firm SlowMist, and that it would restore liquidity pools and allow users to redeem YU for USDC at a 1:1 rate.
What exactly happened
Coverage from multiple outlets and on-chain analysts points to an unauthorized token mint on Polygon that flooded supply and broke the peg:
- The Block reported that an attacker minted 120 million YU, triggering the depeg.
- ForkLog recapped the team’s posts, noting YU slumped to ~$0.30 on Uniswap on Sept. 13, later clawing back part of the loss; the team said it had identified the stolen assets, contacted law enforcement, and emphasized that Bitcoin collateral remained safe.
- Cointelegraph said YU dropped as low as ~$0.2046 during the episode and has struggled to restore the peg.
ForkLog also summarized Lookonchain’s trace: the attacker sold ~7.71M YU for ~7.7M USDC across Ethereum and Solana, then bought ~1,501 ETH and split funds among wallets; tens of millions of YU reportedly remain on Polygon and other chains.
What Yala says
In messages highlighted by ForkLog, the Yala team characterized the event as a security breach and said it is working with SlowMist and other partners. The team pledged to replenish affected liquidity pools and enable 1:1 YU-to-USDC exchanges, adding that all Bitcoin funds are secure and that the protocol continues to generate revenue (they cited a run-rate estimate in their post).
Separate notes from regional crypto media indicate SlowMist confirmed it received an official request for assistance from Yala, aligning with the team’s public statements.
The depeg by the numbers
- Depth of price move: ~$0.20 intraday low (per Cointelegraph), ~$0.30 on Uniswap snapshots (per ForkLog’s DEX chart).
- Scale of mint: ~120 million YU unauthorized (per The Block; echoed by other market reports).
- Estimated swaps: ~$7.7M USDC realized from sales across chains; proceeds allegedly moved into ~1,501 ETH.
Why this matters for stablecoins
Events like this spotlight enduring stablecoin depegging risks—especially for over-collateralized or crypto-collateralized designs that rely on bridges and cross-chain logic. Sudden supply shocks (via unauthorized minting) can overwhelm thin liquidity pools, producing outsized price gaps until arbitrage or protocol actions restore confidence. Educational resources note that liquidity depth and redemption mechanics are critical to minimizing depeg severity.
What to watch next
- Redemptions and liquidity: Does the promised 1:1 YU→USDC facility materialize quickly, and at what scale? Are Uniswap and other pools replenished as pledged? (ForkLog reported Uniswap liquidity was modest relative to trading share during the sell-off.)
- Forensics and recovery: Any law-enforcement actions or asset freezes resulting from SlowMist’s investigation and the on-chain trail.
- Design changes: Whether Yala implements mint-guardrails, rate-limits, or bridge controls to reduce cross-chain attack surfaces—common hardening steps after depegs across the sector. (Cointelegraph summarized the team’s initial framing as an attempted exploit under review.)
The broader market read-through
Beyond YU, the incident is a reminder that stablecoin security isn’t just about reserves; it also hinges on minting controls, governance keys, oracles, and bridge infrastructure. Firms like SlowMist have repeatedly documented how breakdowns in any of those layers can cascade into price instability.
Quick Conclusion
- YU depegged to ~$0.20–$0.30 over the weekend, depending on venue.
- Yala attributes the drop to a security breach/attempted attack; SlowMist is assisting.
- Reports indicate ~120M YU were unauthorizedly minted on Polygon; ~$7.7M was swapped into USDC, later into ~1,501 ETH.
- The team promises 1:1 redemptions and pool restoration and says BTC collateral remains safe.