Yearn Finance ended November on a poor note after its yETH product suffered a significant hack, resulting in a total loss of about $9 million. The attacker exploited a flaw in an older yETH contract, generating 235 trillion tokens in one transaction and draining ETH and other assets from a Balancer stableswap pool. The hack used new contracts to carry out the attack, but those contracts self-destructed afterward to hide their tracks. Thankfully, Yearn’s main V2 and V3 Vaults, which handle over $500 million in assets, were not affected because they have a separate design. How the Attack Unfolded The security issue came from an old yETH system that did not require enough collateral during token creation. The attacker exploited this by running a transaction that quickly allowed them to create yETH tokens without the necessary backing. The move led to a significant loss of ETH from the linked Balancer pool. On-chain analysts tracked the movement and found an immediate loss of about 1,000 ETH, worth $3 million, bringing the total to $9 million after a complete assessment. To further complicate matters, the attacker used six helper contracts that were set up just minutes before the attack. These contracts helped move funds and then self-destructed soon after. They then moved the stolen funds through Tornado Cash within an hour to hide their origin. Meanwhile, several million dollars’ worth of assets remain in the main attacker’s address, which is currently inactive, indicating careful planning. Yearn’s monitoring systems quickly detected unusual minting activity, helping reduce further damage. Since the attack, Yearn Finance’s native token, YFI, has plummeted over 5% to a trading price of $3,890. Yearn’s Immediate Response Yearn Finance confirmed the hack on X, stating that it affected only the yETH pool. It noted that yETH, an experimental product governed by the community, differs from its audited vaults. The protocol’s response team is analyzing the issue in collaboration with external security firms. They have promised to publish a report soon that explains what happened and how to fix it. The community that expressed worry about the recent development felt some relief when Yearn confirmed that its main vault products were safe. Meanwhile, November has become a tale of woe for some decentralized protocols. While Yearn Finance closed the month on a negative note, Balancer started it similarly in sore straits. The protocol fell victim to an exploit on November 3, 2025, resulting in a significant loss of around $128.64 million in a hack. These incidents highlight the ongoing risks of maintaining legacy contracts in the rapidly evolving DeFi sector. The post Yearn Finance Suffers Unlimited Minting Hack, Loses $9 Million appeared first on CoinTab News.Yearn Finance ended November on a poor note after its yETH product suffered a significant hack, resulting in a total loss of about $9 million. The attacker exploited a flaw in an older yETH contract, generating 235 trillion tokens in one transaction and draining ETH and other assets from a Balancer stableswap pool. The hack used new contracts to carry out the attack, but those contracts self-destructed afterward to hide their tracks. Thankfully, Yearn’s main V2 and V3 Vaults, which handle over $500 million in assets, were not affected because they have a separate design. How the Attack Unfolded The security issue came from an old yETH system that did not require enough collateral during token creation. The attacker exploited this by running a transaction that quickly allowed them to create yETH tokens without the necessary backing. The move led to a significant loss of ETH from the linked Balancer pool. On-chain analysts tracked the movement and found an immediate loss of about 1,000 ETH, worth $3 million, bringing the total to $9 million after a complete assessment. To further complicate matters, the attacker used six helper contracts that were set up just minutes before the attack. These contracts helped move funds and then self-destructed soon after. They then moved the stolen funds through Tornado Cash within an hour to hide their origin. Meanwhile, several million dollars’ worth of assets remain in the main attacker’s address, which is currently inactive, indicating careful planning. Yearn’s monitoring systems quickly detected unusual minting activity, helping reduce further damage. Since the attack, Yearn Finance’s native token, YFI, has plummeted over 5% to a trading price of $3,890. Yearn’s Immediate Response Yearn Finance confirmed the hack on X, stating that it affected only the yETH pool. It noted that yETH, an experimental product governed by the community, differs from its audited vaults. The protocol’s response team is analyzing the issue in collaboration with external security firms. They have promised to publish a report soon that explains what happened and how to fix it. The community that expressed worry about the recent development felt some relief when Yearn confirmed that its main vault products were safe. Meanwhile, November has become a tale of woe for some decentralized protocols. While Yearn Finance closed the month on a negative note, Balancer started it similarly in sore straits. The protocol fell victim to an exploit on November 3, 2025, resulting in a significant loss of around $128.64 million in a hack. These incidents highlight the ongoing risks of maintaining legacy contracts in the rapidly evolving DeFi sector. The post Yearn Finance Suffers Unlimited Minting Hack, Loses $9 Million appeared first on CoinTab News.