The post Yearn Finance Suffers Hack, $3 Million Lost in yETH Exploit appeared on BitcoinEthereumNews.com. Key Highlights A hacker exploited an “infinite mint” vulnerability in Yearn Finance’s yETH product, which allowed them to create unlimited yETH tokens and steal approximately $3 million from a liquidity pool in a single transaction The total stolen fund of around 1,000 ETH were laundered through the sanctioned privacy mixer Tornado Cash Yearn Finance clarified that its core vaults are unaffected in this cyberattack Yearn Finance, a major decentralised protocol, has confirmed the recent security breach on its platform. On November 30, the exploit took place on the protocol, in which Yearn’s yETH was targeted.  We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected. — yearn (@yearnfi) November 30, 2025 According to a report, a highly sophisticated transaction has allowed an attacker to create a nearly endless supply of yETH tokens. This fake supply was then used to drain approximately $3 million in real assets from connected liquidity pools.  Shortly after this suspicious transaction, on-chain data revealed that the stolen funds, with around 1000 ETH, were sent through Tornado Cash, which is a privacy tool that makes it extremely difficult to trace cryptocurrency transactions.  What is yETH? yETH is a liquid staking token index. Its purpose is to make staking on the Ethereum network simpler for daily users. Instead of choosing a single staking service, yETH automatically uses a combination of many popular staking tokens, including Lido’s stETH and Rocket Pool’s rETH, into one single token.  This allows users to diversify their yield-bearing assets. The product became so popular and held over $8.82 million in total value locked on the protocol, according to DefiLIama. What Happened on Yearn Finance ETH? According to the expert, the attacker has taken advantage of the protocol’s infinite vulnerability within the yETH smart contract.… The post Yearn Finance Suffers Hack, $3 Million Lost in yETH Exploit appeared on BitcoinEthereumNews.com. Key Highlights A hacker exploited an “infinite mint” vulnerability in Yearn Finance’s yETH product, which allowed them to create unlimited yETH tokens and steal approximately $3 million from a liquidity pool in a single transaction The total stolen fund of around 1,000 ETH were laundered through the sanctioned privacy mixer Tornado Cash Yearn Finance clarified that its core vaults are unaffected in this cyberattack Yearn Finance, a major decentralised protocol, has confirmed the recent security breach on its platform. On November 30, the exploit took place on the protocol, in which Yearn’s yETH was targeted.  We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected. — yearn (@yearnfi) November 30, 2025 According to a report, a highly sophisticated transaction has allowed an attacker to create a nearly endless supply of yETH tokens. This fake supply was then used to drain approximately $3 million in real assets from connected liquidity pools.  Shortly after this suspicious transaction, on-chain data revealed that the stolen funds, with around 1000 ETH, were sent through Tornado Cash, which is a privacy tool that makes it extremely difficult to trace cryptocurrency transactions.  What is yETH? yETH is a liquid staking token index. Its purpose is to make staking on the Ethereum network simpler for daily users. Instead of choosing a single staking service, yETH automatically uses a combination of many popular staking tokens, including Lido’s stETH and Rocket Pool’s rETH, into one single token.  This allows users to diversify their yield-bearing assets. The product became so popular and held over $8.82 million in total value locked on the protocol, according to DefiLIama. What Happened on Yearn Finance ETH? According to the expert, the attacker has taken advantage of the protocol’s infinite vulnerability within the yETH smart contract.…

Yearn Finance Suffers Hack, $3 Million Lost in yETH Exploit

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Key Highlights

  • A hacker exploited an “infinite mint” vulnerability in Yearn Finance’s yETH product, which allowed them to create unlimited yETH tokens and steal approximately $3 million from a liquidity pool in a single transaction
  • The total stolen fund of around 1,000 ETH were laundered through the sanctioned privacy mixer Tornado Cash
  • Yearn Finance clarified that its core vaults are unaffected in this cyberattack

Yearn Finance, a major decentralised protocol, has confirmed the recent security breach on its platform. On November 30, the exploit took place on the protocol, in which Yearn’s yETH was targeted. 

According to a report, a highly sophisticated transaction has allowed an attacker to create a nearly endless supply of yETH tokens. This fake supply was then used to drain approximately $3 million in real assets from connected liquidity pools. 

Shortly after this suspicious transaction, on-chain data revealed that the stolen funds, with around 1000 ETH, were sent through Tornado Cash, which is a privacy tool that makes it extremely difficult to trace cryptocurrency transactions. 

What is yETH?

yETH is a liquid staking token index. Its purpose is to make staking on the Ethereum network simpler for daily users. Instead of choosing a single staking service, yETH automatically uses a combination of many popular staking tokens, including Lido’s stETH and Rocket Pool’s rETH, into one single token. 

This allows users to diversify their yield-bearing assets. The product became so popular and held over $8.82 million in total value locked on the protocol, according to DefiLIama.

What Happened on Yearn Finance ETH?

According to the expert, the attacker has taken advantage of the protocol’s infinite vulnerability within the yETH smart contract. In simple words, this flaw allowed the attacker to generate a massive, unauthorised amount of yETH tokens without providing the required collateral to generate these tokens. 

(Source: Togbe on X)

On November 30, the attacker used newly created smart contracts to interact with the yETH system. These contracts have tricked the system and decisively bypassed the normal safety checks. In a single transaction, the attacker minted trillions of yETH tokens out of thin air. 

This huge amount of worthless yETH was then immediately swapped for valuable assets like ETH and stETH in a Balancer liquidity pool. This allowed the attacker to drain this pool.

An on-chain sleuth was among the first to trace the suspicious activity on the network, stating that the pool had been drained for a profit of about 1,000 ETH. After the attack, the pool’s value dropped to almost zero. According to a report, the attacker has managed to walk away with approximately $3 million after accounting for transaction costs. 

To camouflage these tracks, the malicious contracts in the hack were programmed to self-destruct immediately after the theft. This is the common technique used in this type of hack.

The hacker then quickly moved to launder the stolen funds. The entire sum of 1,000 ETH was broken down into smaller batches and sent through Tornado Cash. This platform is developed to erase the trail of cryptocurrency, and earlier, it was officially sanctioned by the U.S. government because it is often used by criminals to hide their funds. 

Yearn Finance Investigates the Incident

After this hack, the Yearn Finance team released an official statement, confirming that they were investigating the exploit involving the specific yETH pool. 

However, they ensured that their Yearn Vaults, which managed over half of billion dollars, were completely unaffected. This isolation of the problem prevented a much larger disaster. Yearn clarified that yETH is an experimental index that operates separately from its main secure vault system. 

This is not the first time Yearn Finance has suffered a cyber attack. Back in April 2023, the protocol suffered a similar exploit due to an old and outdated contract, which allowed the attacker to steal $11 million. 

Source: https://www.cryptonewsz.com/yearn-finance-hack-3-m-lost-yeth-exploit/

Market Opportunity
Ethereum Logo
Ethereum Price(ETH)
$1 858,94
$1 858,94$1 858,94
+0,79%
USD
Ethereum (ETH) Live Price Chart

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

The changing face of elder care in Malaysia — Sayed Mohammad Reza Yamani Sayed Umar

The changing face of elder care in Malaysia — Sayed Mohammad Reza Yamani Sayed Umar

JULY 10 — An elderly society is becoming increasingly prevalent in Malaysia at present. It is projected that the p...
Share
Malaymail2026/07/10 15:24
One Of Frank Sinatra’s Most Famous Albums Is Back In The Spotlight

One Of Frank Sinatra’s Most Famous Albums Is Back In The Spotlight

The post One Of Frank Sinatra’s Most Famous Albums Is Back In The Spotlight appeared on BitcoinEthereumNews.com. Frank Sinatra’s The World We Knew returns to the Jazz Albums and Traditional Jazz Albums charts, showing continued demand for his timeless music. Frank Sinatra performs on his TV special Frank Sinatra: A Man and his Music Bettmann Archive These days on the Billboard charts, Frank Sinatra’s music can always be found on the jazz-specific rankings. While the art he created when he was still working was pop at the time, and later classified as traditional pop, there is no such list for the latter format in America, and so his throwback projects and cuts appear on jazz lists instead. It’s on those charts where Sinatra rebounds this week, and one of his popular projects returns not to one, but two tallies at the same time, helping him increase the total amount of real estate he owns at the moment. Frank Sinatra’s The World We Knew Returns Sinatra’s The World We Knew is a top performer again, if only on the jazz lists. That set rebounds to No. 15 on the Traditional Jazz Albums chart and comes in at No. 20 on the all-encompassing Jazz Albums ranking after not appearing on either roster just last frame. The World We Knew’s All-Time Highs The World We Knew returns close to its all-time peak on both of those rosters. Sinatra’s classic has peaked at No. 11 on the Traditional Jazz Albums chart, just missing out on becoming another top 10 for the crooner. The set climbed all the way to No. 15 on the Jazz Albums tally and has now spent just under two months on the rosters. Frank Sinatra’s Album With Classic Hits Sinatra released The World We Knew in the summer of 1967. The title track, which on the album is actually known as “The World We Knew (Over and…
Share
BitcoinEthereumNews2025/09/18 00:02
Not a loophole: Singapore AI export controls let China tap US AI legally

Not a loophole: Singapore AI export controls let China tap US AI legally

American AI technology is reaching Chinese tech giants through a route that US export controls were never designed to close: Singapore. The city-state sits outside
Share
The Cryptonomist2026/07/10 14:46

Activate to Enjoy Special Perks

Activate to Enjoy Special PerksActivate to Enjoy Special Perks

Access 0 fees, premium support, and loss coverage.