Yearn Finance is facing one of its largest incidents in recent years after a sophisticated exploit drained roughly $9 million from its ecosystem.
The attack, which struck late on November 30, targeted a custom-built yETH stableswap pool and allowed an attacker to mint an almost unlimited supply of yETH tokens in one move. The breach triggered an emergency response from Yearn’s internal team and external security partners, marking one of the most complex investigations since the recent Balancer exploit.
According to on-chain alerts, the attacker exploited the yETH pool at 21:11 UTC, triggering a flaw in the pool’s custom contract. The bug enabled the minting of a massive amount of yETH, which was then rapidly swapped to drain liquidity.
PeckShield first flagged the attack, confirming that the exploit allowed the minting of a near-infinite number of yETH tokens. The attacker leveraged these newly created tokens to empty the pool almost instantly, all within a single transaction.
Early estimates now show:
Yearn later confirmed the details through its official communication channels.
Shortly after the exploit, the attacker began moving funds across the network. Approximately 1,000 ETH (~$3 million) was routed through Tornado Cash, a common laundering destination for on-chain attackers.
The exploiter’s address, 0xa80d…c822, still holds crypto assets valued at about $6 million, according to chain trackers.
The swift movement of funds indicates a well-prepared and experienced actor, a pattern consistent with the Balancer-style complexity that analysts have already noted.
Yearn Finance released multiple statements within hours of the attack, confirming that:
The team emphasized that the exploit is isolated to this single yETH pool and does not impact the broader Yearn ecosystem, a critical clarification aimed at calming users amid the sudden shock.
Yearn noted that the codebase exploited in this attack is completely separate from all other vaults, products, and strategies currently active on the platform.
A full-scale response effort is now underway. Yearn activated a war room alongside:
The teams are now running an active, ongoing investigation. Yearn urged affected users to open a support ticket on Discord for direct assistance.
Given the complexity of the exploit, Yearn warned that the postmortem may take time. Internal analysts have already stated that the attack appears to match the “high-complexity pattern” seen in November’s Balancer exploit, which also relied on intricate token mechanics and custom contract behavior.
Yearn asked the community to bear with the team as the full analysis is prepared.
Though the full postmortem remains in progress, preliminary analysis suggests the attacker manipulated the yETH pool’s minting logic. The custom code allowed the perpetrator to trigger a flawed conversion path that produced an outsized amount of yETH tokens.
In simpler terms:
The attacker found a way to trick the contract into thinking more collateral existed than was actually present.
This created:
Security experts point out that such attacks usually require:
Yearn’s internal team and its external partners are now replaying the exploit step-by-step to confirm the exact mechanics.
While the loss is significant, Yearn shared a major update: a recovery of 857.49 pxETH, valued at $2.39 million, has been successfully executed.
This coordinated effort involved the Plume and Dinero teams, who assisted in tracing, securing, and returning the assets.
Recovery operations remain active, and Yearn has pledged that any funds retrieved will be returned directly to impacted depositors.
The team also noted that additional recovery attempts are in motion, with the goal of maximizing restitution for affected users.
The crypto community reacted quickly, with analysts, developers, and users noting both the severity of the exploit and the transparency of Yearn’s communication.
Yearn’s rapid updates and clear threads addressing the incident were highlighted as strong crisis management. Security researchers also praised the immediate involvement of SEAL911 and ChainSecurity.
Still, the incident reignites broader concerns about:
For Yearn, the incident raises questions about future audits and how emerging contract models should be handled.
The investigation continues. Yearn Finance is expected to release:
The team also plans to share detailed recovery updates as more assets are tracked and secured.
For now, Yearn’s message remains consistent:
The exploit is isolated, user vaults are safe, and recovery efforts are ongoing.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash to stay updated with the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!
Morpho just made history. The decentralized credit protocol has closed a $175 million funding round,…
Bitget Wallet just opened a tokenized equity subscription for SpaceX through xStocksFi, giving regular crypto…
The Open Network's native token Toncoin is being renamed to Gram, with the ticker changing…
One of crypto's most respected on-chain investigators is pushing back hard against the UK's sanctions…
Sam Bankman-Fried is making moves from behind bars. The disgraced FTX founder has formally applied…
Bitget is not treating user security as a footnote. The exchange is bringing back its…