Yearn Finance hit by yETH exploit with $3M sent to Tornado Cash
Yearn Finance is dealing with a fresh security breach after an attacker exploited its yETH token contract and drained millions in ETH and liquid staking assets from Balancer pools.
- The exploit targeted an older yETH contract, allowing the attacker to mint an unlimited supply of tokens and empty the Balancer pool.
- Around 1,000 ETH moved through Tornado Cash shortly after the attack, with more assets still held across the attacker’s wallets.
- Yearn confirmed the issue is isolated from its V2 and V3 Vaults and is preparing a detailed report on the incident.
The incident unfolded late on Nov. 30 when an attacker triggered an infinite-mint flaw inside the yETH contract. They then minted an impossibly large supply of yETH, more than 235 trillion tokens, in a single transaction.
With those tokens, the attacker moved quickly through Balancer pools, removing real assets, including ETH and popular staking derivatives. Initial traces show close to $3 million flowing through Tornado Cash shortly after the exploit, while the attacker’s address still holds additional assets tied to the event.
Exploit isolated to legacy yETH product
Blockchain data shows the yETH stableswap pool was emptied within minutes, leaving a roughly $2.8 million hole. Yearn Finance( YFI ) said the issue sits within an older implementation of yETH and does not touch its V2 or V3 Vaults. Protocols built on Yearn V3, including Katana, also reported no exposure.
Several helper contracts appeared just moments before the attack and vanished through self-destruct calls once the pool was drained, making the trail harder to follow.
Security teams reviewing the transactions, including auditors tracking Yearn’s older products, linked the event to a long-standing minting weakness inside the yETH token logic, rather than a problem in Yearn’s current vault architecture.
The protocol maintains a live bug bounty program with rewards reaching $200,000 for critical discoveries, though no recovery path has been announced yet.
On-chain movement intensifies after liquidity drain
Soon after the pool collapsed, X user Togbo flagged several movements of 100 ETH batches passing through Tornado Cash. Around 1,000 ETH in total was mixed in the hours following the exploit. The attacker still retains additional assets worth several million dollars across multiple wallets.
The yETH pool carried roughly $11 million before the breach, and while the final loss number is still under review, Yearn said user funds inside active vaults remain safe.
This incident adds to the protocol’s long record of managing legacy risks , coming years after its 2021 yDAI exploit and a 2023 treasury misconfiguration that did not affect depositors. YFI slipped about 4% after the event and traded near $4,002 at press time.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
The Growing Popularity of Security System Technologies Amidst a Changing World
- Security systems technology is becoming a critical pillar for economic/geopolitical resilience amid rising cyber threats and global tensions. - Cybersecurity markets are projected to grow at 9.1% CAGR through 2030, driven by cloud/IoT/AI adoption and escalating ransomware risks. - Geopolitical conflicts like U.S.-China trade wars and EU tariffs are accelerating demand for hybrid threat defenses and AI-powered security solutions. - Investors should prioritize firms integrating physical/digital security, d
Zcash Halving Event: The Impact on Bitcoin Privacy Coins and Price Trends After Halving
- Zcash’s 2025 halving reduces block rewards by 50%, tightening supply and enhancing privacy via zk-SNARKs. - Historical data shows ZEC surged 92% post-2024 halving, outperforming Bitcoin amid regulatory uncertainty. - Institutional investments, including $151.6M from Grayscale, highlight Zcash’s growing appeal as a privacy-focused alternative to Bitcoin.
Timeless Investment Strategies: Why Insights from 1927 Continue to Shape Today’s Investors
- McNeel's 1927 "Beating the Market" prefigured Buffett's value investing and modern behavioral finance principles. - He advocated emotional discipline and long-term faith in U.S. economic resilience, echoed by Buffett's "margin of safety" strategy. - Modern behavioral finance (2020–2025) validates these insights, showing disciplined investors outperforming during crises like 2008 and 2020. - Algorithmic trading and meme stocks highlight the enduring relevance of McNeel's principles in countering speculati
Trending news
MoreCrypto prices
More
