Many yield farmers lost more than they bargained for when they trusted this DeFi dev

Yield farmers looking for a quick profit were recently taken in by a dubious DeFi protocol called UniCats.

A yield farming scheme reminiscent of other, more famous protocols like SushiSwap or Yam.

According to ZenGo researcher Alex Manuskin, at least one of its users lost more than $140,000 worth of Uniswap tokens even after they removed their funds from the protocol.

Other users lost about $50,000 more, Manuskin told Cointelegraph.

The users fell victim to a dangerous practice commonly seen in DeFi, where most protocols will request the authorization to withdraw unlimited amounts of a particular token from the customer's wallet.

Since users granted infinite approvals to this contract, the developer was able to drain the entirety of its users' UNI balances.

In the wake of the yield farming mania, many lesser known yield farms were spun up to capitalize on the trend.

Many yield farmers were "Rug pulled" and their funds drained in similar incidents.

The infinite allowance mechanism allows the contract to withdraw every single token on the user's wallet, forever.

As the Bancor vulnerability showed in June, any compromise of a contract down the line exposes its users to theft, even if they haven't interacted with the protocol in a while.