Dear Users, Friends, Peers:
Today we became aware of a potential security incident regarding Yield Monitor’s database. Regretfully, we confirmed the vulnerability to be legitimate. We are confident we have identified and removed the issue to prevent this from occurring again. We have created a new environment and are actively redeploying Yield Monitor. We expect our tracking tools and liquidity pool / asset performance data to return to normal functionality in the coming days.
To be clear: Yield Monitor’s DNS, social accounts, and communication channels are not impacted. This was a siloed occurrence directly within the Yield Monitor (application) database, which we were able to resolve in a short window of time.
While the unauthorized actor gained access to the database, we cannot confirm if they actually backed up the data. For the sake of communication and security, we want you to assume they did.
The unauthorized actor was able to access our database which includes tracked protocols, liquidity pools and asset data, computation functionality, and the various tracking tools related to Yield Monitor.
Additionally, the database stores the emails, passwords, and associated wallet addresses of our registered users. While user passwords are fully encrypted, the agent could have accessed the list of users who opted to create an account with Yield Monitor by providing an email address and password.
For our users who have created an account with us, please be aware:
– that your provided email address may have been accessed, which puts you at risk of spam/phishing emails
– wallet addresses you tracked in Yield Monitor may be associated with your provided email address
– your Yield Monitor password was encrypted
Please take all necessary steps to stay vigilant of any phishing emails that may be sent to you.
Although your Yield Monitor password was encrypted, we encourage you to NEVER use the same password across accounts. If you did, though, we strongly suggest you take a moment to change the password from other accounts in which it was used.
As always, NEVER share your passwords, seed phrases, or other personal details with anyone. Yield Monitor will never ask you for these details and has no control over your digital assets or wallets.
Creating a safe, accessible, data-driven DeFi experience is our sole focus. The unauthorized access of our database is our highest concern.
We sincerely apologize for any issue this might cause.
For the sake of clarity, Yield Monitor has turned OFF all “marketing emails” — registered users will receive NO communication from Yield Monitor at this time. This means that new users will NOT receive onboarding emails, educational links, and other welcoming communications typically sent to new members of the Yield Monitor community.
This will allow users to recognize suspicious emails in the near future. If you receive an email claiming to be “from Yield Monitor”, please ignore and block the sender. We will alert our community and users before we resume email communications.
Regular communications will continue via our X (Twitter) account and Discord community for product updates, new features, and as much educational content as we can create.
Our sincerest apologies for this issue. We take the data, privacy, trust, and experience of our users seriously and are extremely disappointed at the occurrence.
Thanks for your understanding. Please be safe.
See you on chain.