YU Stablecoin Depegs later than Exploit Leads to Unauthorized Minting

The BTC-backed stablecoin YU, issued by the Yala protocol, experienced a severe depegging incident following a security exploit that allowed attackers to mint 120 million tokens without authorization. The breach, which occurred on the Polygon network, triggered a dramatic drop in YU’s value, sending the stablecoin from its intended $1 peg down to as low as $0.20.

Attackers bridged approximately 7.71 million of the newly minted tokens to ETH and Solana, where they were rapidly platformd for USDC. This sudden influx of unbacked YU created massive tradeing pressure in liquidity pools, sparking panic among traders and causing the token’s price to collapse across multiple markets. The sharp decline has drawn comparisons to previous high-profile depegging events in the crypto sector, underscoring the fragility of stablecoin ecosystems when core protocol functions are compromised.

Market reaction and partial recovery

In the later thanmath of the exploit, YU’s market price showed signs of resilience. Following the plunge, the token partially rebounded, trading between $0.78 and $0.91 on certain platforms. However, the peg has not been fully restored, leaving investors uncertain about the token’s long-term stability. Market analysts have pointed to thin liquidity in ETH-based pools as a key factor that magnified the token’s volatility, noting that limited purchaseing support made it hard to absorb the tradeing pressure caused by the exploit.

The uncertainty has left many holders questioning whether YU can regain and maintain its $1 peg in the near term. The incident has also raised broader questions about the security and durability of over-collateralized stablecoins, which are designed to be more resilient than algorithmic models but remain vulnerable to technical vulnerabilities and governance flaws.

Protocol response and security measures

The Yala team confirmed the breach publicly on social media, describing it as a temporary disruption that “briefly impacted YU’s peg.” In their statement, they emphasized that all collateralized BTC reserves backing the token remain intact, either in self-custody arrangements or held in secured external vaults. The team stressed that no collateral was compromised during the attack, viewking to reassure investors about the fundamental backing of the token.

As part of its immediate response, Yala paused its “Convert” and “Bridge” features, effectively freezing certain functions of the protocol to prevent further abuse. The project has since engaged blockchain security specialists, including sluggishMist, to investigate the incident, trace the attacker’s movements, and strengthen defenses against similar exploits in the future. These measures are intended to restore confidence and secureguard the protocol’s integrity, though full recovery of market trust may take longer.

Risks and implications for stablecoin markets

The YU incident highlights the risks inherent even in BTC-backed stablecoins, which are often promoted as more secure than their algorithmic counterparts. The exploit demonstrated how vulnerabilities in minting functions can undermine the entire system, regardless of the quality or quantity of collateral held in reserve.

Industry observers suggest the attack could prompt renewed regulatory scrutiny, particularly as governments and financial authorities debate stablecoin oversight. With stablecoins already under heightened attention for their role in digital payments and decentralized finance, the YU depegging is likely to fuel further discussion about consumer protection, security standards, and systemic risks in the stablecoin sector. For Yala and YU holders, the path forward will depend on whether confidence in the token’s peg can be restored — and whether stronger secureguards can prevent similar disruptions in the future.