Yearn Finance Loses $9M in Single-Transaction Exploit of yETH Vault

Yearn Finance has suffered a major security breach, resulting in the loss of approximately $9 million.

The exploit targeted a legacy stable swap pool associated with the protocol’s yETH token that allowed the hackers to mint an infinite number of coins.

Flaw in the yETH Contract

Blockchain security firm Peckshield was the first to flag the incident via X, stating, “Yearn Finance suffered an attack resulting in a total loss of ~$9M.”

According to the analysts, the attacker abused a critical vulnerability in the yETH token contract that let them mint fresh yETH without posting adequate collateral, effectively inflating the token supply at will. This loophole was then used to drain liquidity from a pool outside of Yearn’s core vault products.

Targeted in the exploit was a custom-built contract designed to aggregate staked Ethereum derivatives such as stETH and rETH. The protocol later shared that the yUSND pool and Nerite’s vaults remained secure and were not impacted by the protocol failure. Following the attack, those responsible then laundered over $3 million in stolen ETH through Tornado Cash. Meanwhile, the remaining $6 million in various staked Ethereum assets remain in their wallet address (0xa80d…c822) as of the latest blockchain scans.

Yearn also confirmed the compromise on X. It reported that $0.9 million was lost from the yETH-WETH stableswap pool on Curve, while an additional $8 million was drained from the affected pool. Impacted users were also advised to open a support ticket on the project’s Discord.

Early Investigation Findings

The platform announced that it has assembled a war room, comprising SEAL911 and its audit partner, Chain Security, with a full postmortem investigation underway.

Early findings suggest that the incident shares a similar level of technical complexity with the recent Balancer hack. That unauthorized access resulted in more than $120 million being stolen across the platform’s main protocol and several forks.

On-chain analysts traced the Balancer event to a precision-loss bug in the integer fixed-point arithmetic used to calculate scaling factors within Composable Stable Pools, which are optimized for near-parity asset pairs like USDC/USDT or WETH/stETH.

SlowMist later shared that the flaw led to subtle but repeated price discrepancies during swaps, particularly when attackers executed multiple operations within a single transaction using the batch swap function.

Meanwhile, Yearn’s incident follows shortly after Korean exchange Upbit suffered its own security lapse, which resulted in the loss of $50 million in Ethereum.

The post Yearn Finance Loses $9M in Single-Transaction Exploit of yETH Vault appeared first on CryptoPotato.