PANews reported on September 17th that Yala has released a post-mortem analysis of the September 14th attack, detailing the timeline of the incident, analysis results, and its recovery plan. According to the report, a hacker abused a temporary deployment key during authorized bridge deployment to set up an unauthorized cross-chain bridge and withdraw 7.64 million USDC (approximately 1,636 ETH). The YU price briefly decoupled from the USDC to $0.20 before stabilizing at $0.94. No protocol vulnerabilities were exploited, and no Bitcoin reserves were compromised.

Following the unauthorized overissuance of 30 million YU tokens to Solana, the hacker has returned a significant portion of the assets. The current status is as follows: 22.287 million YU tokens have been returned, and the remaining 7.713 million YU have been converted to 1,635,572 ETH. Regarding the recovery plan, all illegally generated YU will be destroyed on September 23rd, and liquidity will be fully restored: every user will be able to redeem YU for USDC at a 1:1 ratio. Some users were unfairly liquidated and penalized due to the YU decoupling. Starting September 23rd, Yala will initiate a claims process for liquidation penalty compensation.