Buy CryptoMarketsSpotFuturesGOLDEarnEvent Centre
More
Gold vs Crypto
The post Yearn Finance Suffers Exploit, $3M ETH Ends Up in Tornado Cash appeared on BitcoinEthereumNews.com. Yearn Finance’s yETH pool was exploited through an infinite-mint flaw. The attacker drained real assets, pulling nearly $3 million in ETH. Roughly 1,000 ETH was funneled through Tornado Cash in batches. An infinite-mint vulnerability in Yearn Finance’s yETH contract triggered a multi-million dollar liquidity drain Sunday, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to mixer Tornado Cash. The ‘Infinite Mint’ Mechanics  The breach originated in the yETH contract, a liquid staking index designed to bundle assets like stETH and rETH. The attacker identified a dormant logic flaw allowing the uncollateralized minting of yETH. The first and most immediate target was a Balancer liquidity pool that supported yETH. Once the inflated supply of tokens entered the pool, it allowed the exploiter to remove real ETH and liquid staking derivatives at scale, pulling value from a pool that previously held nearly $11 million. The initial figure shows that roughly $3 million worth of ETH was stolen almost instantly. Related: North Korea’s Lazarus Group Linked to $37M Upbit Hack, Timing Clashes with $10B Naver Deal yETH’s Role and the Source of the Weakness The yETH product functions as a liquid staking index, designed to bring together popular ETH staking tokens such as stETH and rETH into a unified asset. However, the recent incident shows that older smart contract logic can still contain dormant weak spots. Analysts tracking the exploit pointed out that this issue came from a minting flaw present in a previous version of the yETH implementation. With this loophole open, the attacker could create a massive amount of yETH without any collateral. Once the pool lost its backing, the attacker began to break the stolen ETH into… The post Yearn Finance Suffers Exploit, $3M ETH Ends Up in Tornado Cash appeared on BitcoinEthereumNews.com. Yearn Finance’s yETH pool was exploited through an infinite-mint flaw. The attacker drained real assets, pulling nearly $3 million in ETH. Roughly 1,000 ETH was funneled through Tornado Cash in batches. An infinite-mint vulnerability in Yearn Finance’s yETH contract triggered a multi-million dollar liquidity drain Sunday, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to mixer Tornado Cash. The ‘Infinite Mint’ Mechanics  The breach originated in the yETH contract, a liquid staking index designed to bundle assets like stETH and rETH. The attacker identified a dormant logic flaw allowing the uncollateralized minting of yETH. The first and most immediate target was a Balancer liquidity pool that supported yETH. Once the inflated supply of tokens entered the pool, it allowed the exploiter to remove real ETH and liquid staking derivatives at scale, pulling value from a pool that previously held nearly $11 million. The initial figure shows that roughly $3 million worth of ETH was stolen almost instantly. Related: North Korea’s Lazarus Group Linked to $37M Upbit Hack, Timing Clashes with $10B Naver Deal yETH’s Role and the Source of the Weakness The yETH product functions as a liquid staking index, designed to bring together popular ETH staking tokens such as stETH and rETH into a unified asset. However, the recent incident shows that older smart contract logic can still contain dormant weak spots. Analysts tracking the exploit pointed out that this issue came from a minting flaw present in a previous version of the yETH implementation. With this loophole open, the attacker could create a massive amount of yETH without any collateral. Once the pool lost its backing, the attacker began to break the stolen ETH into…

Yearn Finance Suffers Exploit, $3M ETH Ends Up in Tornado Cash

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/12/01 17:07
3 min read
Ethereum
ETH$2,142.97-0.62%
RealLink
REAL$0.06024-1.64%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com
  • Yearn Finance’s yETH pool was exploited through an infinite-mint flaw.
  • The attacker drained real assets, pulling nearly $3 million in ETH.
  • Roughly 1,000 ETH was funneled through Tornado Cash in batches.

An infinite-mint vulnerability in Yearn Finance’s yETH contract triggered a multi-million dollar liquidity drain Sunday, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to mixer Tornado Cash.

The ‘Infinite Mint’ Mechanics 

The breach originated in the yETH contract, a liquid staking index designed to bundle assets like stETH and rETH. The attacker identified a dormant logic flaw allowing the uncollateralized minting of yETH.

The first and most immediate target was a Balancer liquidity pool that supported yETH. Once the inflated supply of tokens entered the pool, it allowed the exploiter to remove real ETH and liquid staking derivatives at scale, pulling value from a pool that previously held nearly $11 million. The initial figure shows that roughly $3 million worth of ETH was stolen almost instantly.

Related: North Korea’s Lazarus Group Linked to $37M Upbit Hack, Timing Clashes with $10B Naver Deal

yETH’s Role and the Source of the Weakness

The yETH product functions as a liquid staking index, designed to bring together popular ETH staking tokens such as stETH and rETH into a unified asset. However, the recent incident shows that older smart contract logic can still contain dormant weak spots.

Analysts tracking the exploit pointed out that this issue came from a minting flaw present in a previous version of the yETH implementation. With this loophole open, the attacker could create a massive amount of yETH without any collateral.

Once the pool lost its backing, the attacker began to break the stolen ETH into smaller parts. Around 1,000 ETH, equal to roughly $3 million, moved into Tornado Cash in progressive batches.

The crypto mixer obscures transaction paths, which makes following the trail difficult for on-chain investigators. Blockchain records confirm this process started moments after the exploit and continued in steady intervals.

Other assets taken during the attack still remain in wallets associated with the exploiter, with early assessments showing several million dollars in value yet to move.

Yearn Finance Responds and Assesses Damage

Yearn Finance announced that the exploit sits entirely within the yETH pool and does not touch its V2 or V3 Vaults. These vaults control significantly more capital, which prevented the incident from becoming a far more severe event. The protocol states that its core vaults remain fully protected and unaffected by the flaw.

The team has begun a deeper technical review supported by external security groups to understand the full extent of the exploitation. Early assessments indicate that the loss may reach about $9 million when all affected pools are counted, though the immediate confirmed drain sits closer to $3 million.

Related: Upbit Confirms $37M Hack: Exchange Says It Will Cover Every Lost Dollar

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

Source: https://coinedition.com/yearn-finance-yeth-exploit-balancer-pool-loss/

Market Opportunity
Ethereum Logo
Ethereum Price(ETH)
$2,142.82
$2,142.82$2,142.82
+0.34%
USD
Ethereum (ETH) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Nvidia CEO Says AI Skills Beat Degrees in Hiring

Nvidia CEO Says AI Skills Beat Degrees in Hiring

Nvidia CEO Prioritizes AI Skills, Says AI-Fluent Graduates Will Be Hired Every Time In a statement that underscores the rapidly shifting demands of the global w
Share
Hokanews2026/03/25 03:25
China Launches Cross-Border QR Code Payment Trial

China Launches Cross-Border QR Code Payment Trial

The post China Launches Cross-Border QR Code Payment Trial appeared on BitcoinEthereumNews.com. Key Points: Main event involves China initiating a cross-border QR code payment trial. Alipay and Ant International are key participants. Impact on financial security and regulatory focus on illicit finance. China’s central bank, led by Deputy Governor Lu Lei, initiated a trial of a unified cross-border QR code payment gateway with Alipay and Ant International as participants. This pilot addresses cross-border fund risks, aiming to enhance financial security amid rising money laundering through digital channels, despite muted crypto market reactions. China’s Cross-Border Payment Gateway Trial with Alipay The trial operation of a unified cross-border QR code payment gateway marks a milestone in China’s financial landscape. Prominent entities such as Alipay and Ant International are at the forefront, participating as the initial institutions in this venture. Lu Lei, Deputy Governor of the People’s Bank of China, highlighted the systemic risks posed by increased cross-border fund flows. Changes are expected in the dynamics of digital transactions, potentially enhancing transaction efficiency while tightening regulations around illicit finance. The initiative underscores China’s commitment to bolstering financial security amidst growing global fund movements. “The scale of cross-border fund flows is expanding, and the frequency is accelerating, providing opportunities for risks such as cross-border money laundering and terrorist financing. Some overseas illegal platforms transfer funds through channels such as virtual currencies and underground banks, creating a ‘resonance’ of risks at home and abroad, posing a challenge to China’s foreign exchange management and financial security.” — Lu Lei, Deputy Governor, People’s Bank of China Bitcoin and Impact of China’s Financial Initiatives Did you know? China’s latest initiative echoes the Payment Connect project of June 2025, furthering real-time cross-boundary remittances and expanding its influence on global financial systems. As of September 17, 2025, Bitcoin (BTC) stands at $115,748.72 with a market cap of $2.31 trillion, showing a 0.97%…
Share
BitcoinEthereumNews2025/09/18 05:28
Solana Price Prediction Needs a Year to Match What Pepeto Targets on Listing Day

Solana Price Prediction Needs a Year to Match What Pepeto Targets on Listing Day

While the solana price prediction eyes a recovery toward $294, Pepeto is attracting attention with growth potential that could surpass SOL’s next rally. CME Group
Share
Techbullion2026/03/25 03:17