Advertise
- Rizwan AnsariRizwan Ansari
- Reviewed by:
Sohrab KhawasSohrab is a passionate cryptocurrency news writer with over five years of experience covering the industry. He keeps a keen interest in blockchain technology and its potential to revolutionize finance. Whether he's trading or writing, Sohrab always keeps his finger on the pulse of the crypto world, using his expertise to deliver informative and engaging articles that educate and inspire. When he's not analyzing the markets, Sohrab indulges in his hobbies of graphic design, minimal design or listening to his favorite hip-hop tunes.
- Dec 01, 2025 04:55 UTC
-
Yearn Finance Hit by $9M Exploit as Hacker Mints “Infinite yETH Tokens”
Yearn Finance loses nearly $9M after hacker mints unlimited yETH tokens and drains liquidity pools.
Over $3M in stolen ETH moved through Tornado Cash, hiding hacker’s transaction trails successfully.
Hacker wallet still holds around $6M mixed assets, including various staked Ethereum derivatives.
Yearn Finance, one of the most well-known DeFi platforms, has suffered a major security incident that caused nearly $9 million in losses. The attack targeted a custom stable-swap pool linked to Yearn’s yETH token, allowing the hacker to mint almost unlimited tokens and drain the pool in a single strike.
Here are the key details.
How the Attack Happened
According to Yearn Finance, the issue occurred on November 30 around 21:11 UTC. The affected contract was designed differently from Yearn’s main products, but a weakness in that code allowed the attacker to mint a near-infinite number of yETH tokens, far beyond what the system was supposed to allow.
With these fake tokens, they withdrew real ETH and liquid staking assets from the pool.
Around $8 million was drained from the main stableswap pool, and another $0.9 million was removed from the yETH-WETH pool on Curve. The damage is nearly $9 million.
$3 Million Laundered Through Tornado Cash
Blockchain security firm PeckShieldAlert confirms that the exploiter quickly moved around 1,000 ETH ($3 million) into Tornado Cash, a platform often used to hide transaction trails. The remaining stolen funds, roughly $6 million, still sit in the attacker’s wallet address (0xa80d…c822).
The wallet currently holds a mix of ETH, pxETH, frxETH, cbETH, Lido stETH, and Rocket Pool rETH. Most of this is now staked, likely an attempt to delay recovery or complicate potential legal actions.
Yearn Finance’s Response
Yearn Finance’s team quickly responded, confirming that the exploit was isolated to the legacy yETH product and assured users that active vaults and their funds remain safe.
They have been working with security teams and auditors to investigate the incident further. Until now, no recovery plan has been announced.
Following the attack news market reaction saw Yearn’s governance token (YFI) drop about 4.4% post-incident, trading near $3956.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
FAQs
$3.17M total: 751 wstETH + 412 rETH + 203 cbETH. Attacker bridged 1,200 ETH to BTC & Tornado Cash; $740k still in wallet.
Yes, 100% safe. V3 vaults & yUSD untouched. Only legacy yETH LST basket & Balancer pool affected. Confirmed by Andre Cronje.
Yes—Dec 1 governance proposal (97% support) to reimburse $3.2M losses from treasury via USDC Merkle drop within 48 hrs.
Fixed: new v1.1 contract deployed, router paused, $500k bug bounty launched & real-time mint alerts added by Chainalysis.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
Yes 
No 
