Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Yearn Finance is dealing with a fresh security breach after an attacker exploited its yETH token contract and drained millions in ETH and liquid staking assets from Balancer pools. The incident unfolded late on Nov. 30 when an attacker triggered…Yearn Finance is dealing with a fresh security breach after an attacker exploited its yETH token contract and drained millions in ETH and liquid staking assets from Balancer pools. The incident unfolded late on Nov. 30 when an attacker triggered…

Yearn Finance hit by yETH exploit with $3M sent to Tornado Cash

Author: Crypto.news
Source: Crypto.news
2025/12/01 11:15
3 min read
TokenFi
TOKEN$0.002867-0.03%
Ethereum
ETH$1,972.25-0.57%
For feedback or concerns regarding this content, please contact us at [email protected]

Yearn Finance is dealing with a fresh security breach after an attacker exploited its yETH token contract and drained millions in ETH and liquid staking assets from Balancer pools.

Summary
  • The exploit targeted an older yETH contract, allowing the attacker to mint an unlimited supply of tokens and empty the Balancer pool.
  • Around 1,000 ETH moved through Tornado Cash shortly after the attack, with more assets still held across the attacker’s wallets.
  • Yearn confirmed the issue is isolated from its V2 and V3 Vaults and is preparing a detailed report on the incident.

The incident unfolded late on Nov. 30 when an attacker triggered an infinite-mint flaw inside the yETH contract. They then minted an impossibly large supply of yETH, more than 235 trillion tokens, in a single transaction. 

With those tokens, the attacker moved quickly through Balancer pools, removing real assets, including ETH and popular staking derivatives. Initial traces show close to $3 million flowing through Tornado Cash shortly after the exploit, while the attacker’s address still holds additional assets tied to the event.

Exploit isolated to legacy yETH product

Blockchain data shows the yETH stableswap pool was emptied within minutes, leaving a roughly $2.8 million hole. Yearn Finance(YFI) said the issue sits within an older implementation of yETH and does not touch its V2 or V3 Vaults. Protocols built on Yearn V3, including Katana, also reported no exposure.

Several helper contracts appeared just moments before the attack and vanished through self-destruct calls once the pool was drained, making the trail harder to follow.

Security teams reviewing the transactions, including auditors tracking Yearn’s older products, linked the event to a long-standing minting weakness inside the yETH token logic, rather than a problem in Yearn’s current vault architecture.

The protocol maintains a live bug bounty program with rewards reaching $200,000 for critical discoveries, though no recovery path has been announced yet.

On-chain movement intensifies after liquidity drain

Soon after the pool collapsed, X user Togbo flagged several movements of 100 ETH batches passing through Tornado Cash. Around 1,000 ETH in total was mixed in the hours following the exploit. The attacker still retains additional assets worth several million dollars across multiple wallets.

The yETH pool carried roughly $11 million before the breach, and while the final loss number is still under review, Yearn said user funds inside active vaults remain safe.

This incident adds to the protocol’s long record of managing legacy risks, coming years after its 2021 yDAI exploit and a 2023 treasury misconfiguration that did not affect depositors. YFI slipped about 4% after the event and traded near $4,002 at press time.

Market Opportunity
TokenFi Logo
TokenFi Price(TOKEN)
$0.002867
$0.002867$0.002867
+0.20%
USD
TokenFi (TOKEN) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Tags:
#On-chain

You May Also Like

UK and US Seal $42 Billion Tech Pact Driving AI and Energy Future

UK and US Seal $42 Billion Tech Pact Driving AI and Energy Future

The post UK and US Seal $42 Billion Tech Pact Driving AI and Energy Future appeared on BitcoinEthereumNews.com. Key Highlights Microsoft and Google pledge billions as part of UK US tech partnership Nvidia to deploy 120,000 GPUs with British firm Nscale in Project Stargate Deal positions UK as an innovation hub rivaling global tech powers UK and US Seal $42 Billion Tech Pact Driving AI and Energy Future The UK and the US have signed a “Technological Prosperity Agreement” that paves the way for joint projects in artificial intelligence, quantum computing, and nuclear energy, according to Reuters. Donald Trump and King Charles review the guard of honour at Windsor Castle, 17 September 2025. Image: Kirsty Wigglesworth/Reuters The agreement was unveiled ahead of U.S. President Donald Trump’s second state visit to the UK, marking a historic moment in transatlantic technology cooperation. Billions Flow Into the UK Tech Sector As part of the deal, major American corporations pledged to invest $42 billion in the UK. Microsoft leads with a $30 billion investment to expand cloud and AI infrastructure, including the construction of a new supercomputer in Loughton. Nvidia will deploy 120,000 GPUs, including up to 60,000 Grace Blackwell Ultra chips—in partnership with the British company Nscale as part of Project Stargate. Google is contributing $6.8 billion to build a data center in Waltham Cross and expand DeepMind research. Other companies are joining as well. CoreWeave announced a $3.4 billion investment in data centers, while Salesforce, Scale AI, BlackRock, Oracle, and AWS confirmed additional investments ranging from hundreds of millions to several billion dollars. UK Positions Itself as a Global Innovation Hub British Prime Minister Keir Starmer said the deal could impact millions of lives across the Atlantic. He stressed that the UK aims to position itself as an investment hub with lighter regulations than the European Union. Nvidia spokesman David Hogan noted the significance of the agreement, saying it would…
Share
BitcoinEthereumNews2025/09/18 02:22
Top 10 Influential Women in Crypto 2026

Top 10 Influential Women in Crypto 2026

The post Top 10 Influential Women in Crypto 2026 appeared on BitcoinEthereumNews.com. Over the years, the crypto industry has transformed from a niche experiment
Share
BitcoinEthereumNews2026/03/08 17:01
BNB Market Cap Surpasses Accenture, Reaches $149 Billion

BNB Market Cap Surpasses Accenture, Reaches $149 Billion

Detail: https://coincu.com/markets/bnb-surpasses-accenture-market-cap/
Share
Coinstats2025/09/21 10:39

Trending News

More

UK and US Seal $42 Billion Tech Pact Driving AI and Energy Future

Top 10 Influential Women in Crypto 2026

BNB Market Cap Surpasses Accenture, Reaches $149 Billion

Nexo Expands to Argentina to Redefine Digital Dollar Savings

Wang Yi on the situation in Iran: Cease military operations and avoid escalation.

Quick Reads

More

What is CLAWSTR Crypto? An Introduction to CLAWSTR Cryptocurrency

What is Autism Coin (AUTISM)? An Introduction to Cryptocurrency

What is HODL Coin HODL? An Introduction to Cryptocurrency

What is Milady Token MILADY? An Introduction to Cryptocurrency

What is Archer Aviation Tokenized Stock (ACHRON)? An Introduction to Cryptocurrency

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$67,884.34
$67,884.34$67,884.34

0.00%

Ethereum Logo

Ethereum

ETH

$1,972.25
$1,972.25$1,972.25

-0.44%

Solana Logo

Solana

SOL

$83.62
$83.62$83.62

-0.16%

XRP Logo

XRP

XRP

$1.3670
$1.3670$1.3670

+0.70%

DOGE Logo

DOGE

DOGE

$0.09043
$0.09043$0.09043

+0.46%