ExchangeDEX+
Buy CryptoMarketsSpotFutures500XEarnEvents
More
Gold Bar & BTC Giveaway2000g
The post Yearn hacker loses $2.4M of $9M loot as tokens burned from wallet appeared on BitcoinEthereumNews.com. Yearn Finance suffered a $9 million hack on Sunday evening, marking the long-established decentralized finance platform’s fifth incident in as many years.  The attack, which occurred just after 9pm UTC, hit the yield farm’s yETH stableswap pool, extracting various ether (ETH) liquid staking tokens (LSTs). Of these, 850 of Redacted Cartel’s LST, pxETH, (worth $2.4 million) was burned by the issuer, with an equivalent amount simultaneously minted to the team’s multisig. Read more: DeFi yield aggregator Yearn discloses September incident in yUSND vault An on-chain message warned the hacker of this possibility approximately eight hours earlier. It reads, “your erc20s are at risk of being burnt and/or blacklisted,” and advises to “deposit them to a pool or swap to ETH to prevent such happenings.” In addition to the earlier warning, the hacker’s address received two fake bounty offers. Later, a Yearn deployer address urged the attacker to “open a communication channel” for the purposes of “discussing terms constructively.” Read more: DeFi platform Yearn exploits itself, begs for money back Yearn’s third hack The hack was down to a combination of a “numerical bug: unchecked underflow/overflow” and an “invariant-management issue,” according to the post-mortem report published by Yearn’s pseudonymous “bunny talisman” Banteg. This led to the attacker minting 235e36 yETH tokens which it then used to withdraw the underlying LSTs. Banteg was keen to point out that yETH is separate to Yearn’s core vault products and “doesn’t share any code with vaults.” One observer pointed out the efficiency of the hack transaction, which covered the entire attack flow. They claim it “deployed attack contracts, conducted the attack, tornado cashed part of the profits, and self-destructed the contracts.” Launched in September 2023, it took over two years for someone to exploit the vulnerability in the yETH pool. Earlier that year, a yUSDT vault lost… The post Yearn hacker loses $2.4M of $9M loot as tokens burned from wallet appeared on BitcoinEthereumNews.com. Yearn Finance suffered a $9 million hack on Sunday evening, marking the long-established decentralized finance platform’s fifth incident in as many years.  The attack, which occurred just after 9pm UTC, hit the yield farm’s yETH stableswap pool, extracting various ether (ETH) liquid staking tokens (LSTs). Of these, 850 of Redacted Cartel’s LST, pxETH, (worth $2.4 million) was burned by the issuer, with an equivalent amount simultaneously minted to the team’s multisig. Read more: DeFi yield aggregator Yearn discloses September incident in yUSND vault An on-chain message warned the hacker of this possibility approximately eight hours earlier. It reads, “your erc20s are at risk of being burnt and/or blacklisted,” and advises to “deposit them to a pool or swap to ETH to prevent such happenings.” In addition to the earlier warning, the hacker’s address received two fake bounty offers. Later, a Yearn deployer address urged the attacker to “open a communication channel” for the purposes of “discussing terms constructively.” Read more: DeFi platform Yearn exploits itself, begs for money back Yearn’s third hack The hack was down to a combination of a “numerical bug: unchecked underflow/overflow” and an “invariant-management issue,” according to the post-mortem report published by Yearn’s pseudonymous “bunny talisman” Banteg. This led to the attacker minting 235e36 yETH tokens which it then used to withdraw the underlying LSTs. Banteg was keen to point out that yETH is separate to Yearn’s core vault products and “doesn’t share any code with vaults.” One observer pointed out the efficiency of the hack transaction, which covered the entire attack flow. They claim it “deployed attack contracts, conducted the attack, tornado cashed part of the profits, and self-destructed the contracts.” Launched in September 2023, it took over two years for someone to exploit the vulnerability in the yETH pool. Earlier that year, a yUSDT vault lost…

Yearn hacker loses $2.4M of $9M loot as tokens burned from wallet

By: BitcoinEthereumNews
2025/12/02 19:15
Ambire Wallet
WALLET$0.02164+2.90%
FINANCE
FINANCE$0.0002798+0.32%
Belong
LONG$0.003933-6.62%
Harvest Finance
FARM$20.15-1.41%
Ethereum
ETH$3,159.27-0.73%

Yearn Finance suffered a $9 million hack on Sunday evening, marking the long-established decentralized finance platform’s fifth incident in as many years. 

The attack, which occurred just after 9pm UTC, hit the yield farm’s yETH stableswap pool, extracting various ether (ETH) liquid staking tokens (LSTs).

Of these, 850 of Redacted Cartel’s LST, pxETH, (worth $2.4 million) was burned by the issuer, with an equivalent amount simultaneously minted to the team’s multisig.

Read more: DeFi yield aggregator Yearn discloses September incident in yUSND vault

An on-chain message warned the hacker of this possibility approximately eight hours earlier. It reads, “your erc20s are at risk of being burnt and/or blacklisted,” and advises to “deposit them to a pool or swap to ETH to prevent such happenings.”

In addition to the earlier warning, the hacker’s address received two fake bounty offers. Later, a Yearn deployer address urged the attacker to “open a communication channel” for the purposes of “discussing terms constructively.”

Read more: DeFi platform Yearn exploits itself, begs for money back

Yearn’s third hack

The hack was down to a combination of a “numerical bug: unchecked underflow/overflow” and an “invariant-management issue,” according to the post-mortem report published by Yearn’s pseudonymous “bunny talisman” Banteg.

This led to the attacker minting 235e36 yETH tokens which it then used to withdraw the underlying LSTs.

Banteg was keen to point out that yETH is separate to Yearn’s core vault products and “doesn’t share any code with vaults.”

One observer pointed out the efficiency of the hack transaction, which covered the entire attack flow. They claim it “deployed attack contracts, conducted the attack, tornado cashed part of the profits, and self-destructed the contracts.”

Launched in September 2023, it took over two years for someone to exploit the vulnerability in the yETH pool.

Earlier that year, a yUSDT vault lost $11 million after three years of activity. Meanwhile, back in 2021, a flash loan attack drained another $11 million from the DAI v1 vault, with the hacker profiting just $2.8 million.

Two operational mistakes have also cost the Yearn treasury.

A botched swap in December 2023 lost $1.4 million, and the treasury covered a $25,000 malfunction in the yUSND vault in September, announced last week.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

Source: https://protos.com/yearn-hacker-loses-2-4m-of-9m-loot-as-tokens-burned-from-wallet/

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Essential Guide: Bithumb’s POL Suspension for Crucial Network Upgrade

Essential Guide: Bithumb’s POL Suspension for Crucial Network Upgrade

BitcoinWorld Essential Guide: Bithumb’s POL Suspension for Crucial Network Upgrade Attention Polygon users on Bithumb: The South Korean exchange has announced a temporary halt for POL token transactions. Starting December 9th, you cannot deposit or withdraw POL. This Bithumb POL suspension supports a vital network upgrade. But what does this mean for your assets, and how should you prepare? Let’s break it down. Why is […] This post Essential Guide: Bithumb’s POL Suspension for Crucial Network Upgrade first appeared on BitcoinWorld.
Polygon Ecosystem
POL$0.1239-2.89%
TokenFi
TOKEN$0.003917-5.79%
WHY
WHY$0.00000001977-0.05%
Share
bitcoinworld2025/12/05 11:25
What The CHESS, DF, GHST Hold-Up Means For You

What The CHESS, DF, GHST Hold-Up Means For You

The post What The CHESS, DF, GHST Hold-Up Means For You appeared on BitcoinEthereumNews.com. Binance Suspends Deposits: What The CHESS, DF, GHST Hold-Up Means For You Skip to content Home Crypto News Binance Suspends Deposits: What the CHESS, DF, GHST Hold-Up Means for You Source: https://bitcoinworld.co.in/binance-suspends-deposits-chess-df-ghst/
Tranchess
CHESS$0.02825-9.65%
dForce
DF$0.0136-2.71%
Aavegotchi
GHST$0.2027-2.45%
Share
BitcoinEthereumNews2025/12/05 11:24
QQQ short term cycle nearing end; pullback likely to attract buyers [Video]

QQQ short term cycle nearing end; pullback likely to attract buyers [Video]

The post QQQ short term cycle nearing end; pullback likely to attract buyers [Video] appeared on BitcoinEthereumNews.com. The short-term Elliott Wave outlook for the Nasdaq 100 ETF (QQQ) indicates that the cycle from the April 2025 low remains active. Wave (4) of the ongoing impulse concluded at 580.27, and the ETF has since resumed its upward trajectory. To confirm continuation, price must break above the prior wave (3) peak recorded on 30 October at 638.41. The rally from the 21 November wave (4) low has matured and is expected to complete soon, reflecting the natural rhythm of the Elliott Wave sequence. The advance from wave (4) has unfolded as a five-wave impulse. Within this structure, wave ((i)) ended at 586.25, followed by a corrective pullback in wave ((ii)) that terminated at 580.36. From there, the ETF nested higher. Wave (i) of the next sequence ended at 596.98, while wave (ii) pulled back to 589.44. Momentum carried wave (iii) to 606.76, before wave (iv) corrected to 597.32. The final leg, wave (v), reached 619.51, completing wave ((iii)) at a higher degree. A subsequent pullback in wave ((iv)) ended at 612.13. Looking ahead, wave ((v)) of 1 is expected to finish soon. Afterward, a corrective wave 2 should unfold, addressing the cycle from the 21 November low before the ETF resumes higher. In the near term, as long as the pivot at 580.27 remains intact, dips are anticipated to find support in a 3, 7, or 11 swing sequence, reinforcing prospects for further upside. Nasdaq 100 ETF (QQQ) 30-minute Elliott Wave chart from 12.5.2025 Nasdaq 100 ETF Elliott Wave [Video] Source: https://www.fxstreet.com/news/qqq-short-term-cycle-nearing-end-pullback-likely-to-attract-buyers-video-202512050323
4
4$0.02971-9.31%
SOON
SOON$0.4633-0.34%
1
1$0.008942+9.38%
Share
BitcoinEthereumNews2025/12/05 11:40

Trending News

More

Essential Guide: Bithumb’s POL Suspension for Crucial Network Upgrade

What The CHESS, DF, GHST Hold-Up Means For You

QQQ short term cycle nearing end; pullback likely to attract buyers [Video]

Massive 283 Million USDT Transfer to OKX: What This Whale Movement Reveals

Beijing orders ByteDance, Alibaba to cancel Nvidia chip tests and purchases

Quick Reads

More

OnlyFans Crypto Payment: How to Use Cryptocurrency for Subscriptions

Bitcoin 2026 Investment Outlook: Navigating Opportunities in the Digital Gold Era

Pi Network (PI) vs Bitcoin: 2026 Utility Currency vs Digital Gold (Investor View)

Pi Network (PI) Ecosystem Deep Dive: 2026 Applications & Partnerships (Trader's Guide)

Ethereum (ETH) Short-Term Price Prediction

Crypto Prices

mc_price_img_alt

Bitcoin

BTC

$92,090.20
$92,090.20$92,090.20

-0.96%

mc_price_img_alt

Ethereum

ETH

$3,159.28
$3,159.28$3,159.28

-1.52%

mc_price_img_alt

Solana

SOL

$138.36
$138.36$138.36

-3.38%

mc_price_img_alt

XRP

XRP

$2.0843
$2.0843$2.0843

-3.19%

mc_price_img_alt

Zcash

ZEC

$386.30
$386.30$386.30

+9.37%