
- An attacker exploited a legacy yETH contract and drained nearly $9 million across two liquidity pools.
- About $3 million in stolen ETH moved through Tornado Cash, while $6 million remains in the attacker’s wallet.
- Yearn Finance confirmed the issue affected only the legacy product as investigations continue without a recovery plan announced.
Yearn Finance reported a major security incident after an attacker gained access to a custom pool and created an unlimited volume of yETH tokens. The event caused nearly $9 million in losses and prompted immediate investigation efforts. The platform stated that the issue involved a legacy product and did not affect active vaults. The breach triggered new scrutiny across the decentralized finance sector as investigators tracked the movement of stolen assets.
Unauthorized Token Creation Enables Large Asset Drain
The event occurred on November 30 at 21:11 UTC when an attacker targeted a contract linked to Yearn’s yETH token. Investigators stated that the contract used a unique design that differed from the platform’s main offerings. This design created an opening that allowed the attacker to mint yETH tokens far beyond intended limits. The oversized mint then enabled direct withdrawals from connected liquidity pools.
The attacker removed about $8 million from a primary stableswap pool. Additionally, the attacker extracted around $0.9 million from a yETH-WETH pool hosted on Curve. The combined loss reached close to $9 million. The incident unfolded in a single execution, which investigators described as a rapid drain of accessible liquidity.
Movement of Funds Through Tornado Cash Follows the Attack
Soon after the unauthorized withdrawals, tracking groups observed the attacker transferring part of the stolen funds. Analysts at PeckShieldAlert reported that the attacker moved roughly 1,000 ETH, worth about $3 million, through Tornado Cash. This service is commonly used to obfuscate transactions, which limits visibility into where the funds move next.
The attacker retained control of the remaining assets. Wallet records showed about $6 million in various tokens still held by the address identified as 0xa80d…c822. These holdings included several staked Ethereum derivatives taken during the initial drain.
Yearn Finance Team Responds While Investigation Continues
Yearn Finance stated that the exploit affected only the legacy yETH product. The team reported that active vaults and user positions were not exposed. Security partners and auditing groups are now reviewing the incident to determine what caused the contract weakness and how the unauthorized minting occurred. Yearn Finance has not announced any asset recovery process. Investigators continue to document fund movement and analyze the compromised contract. Market data showed that the governance token YFI traded near $3,956 after the incident and recorded a decline of about 4.4%.
