BTC $69,623.00 +3.46%
ETH $2,074.73 +4.91%
SOL $87.01 +7.34%
AVAX $9.33 +4.08%
UNI $3.52 +3.33%
AAVE $127.70 +12.33%
MATIC $0.000000 +0.00%
ATOM $2.15 +6.41%
LINK $8.98 +5.60%
ADA $0.2836 +7.06%
DOT $1.38 +7.07%
DOGE $0.1015 +8.19%
SHIB $0.000007 +6.08%
LTC $55.61 +3.91%
TRX $0.2833 +2.09%
XLM $0.1699 +6.86%
XMR $354.91 +5.49%
ALGO $0.0978 +6.59%
VET $0.008418 +5.65%
BTC $69,623.00 +3.46%
ETH $2,074.73 +4.91%
SOL $87.01 +7.34%
AVAX $9.33 +4.08%
UNI $3.52 +3.33%
AAVE $127.70 +12.33%
MATIC $0.000000 +0.00%
ATOM $2.15 +6.41%
LINK $8.98 +5.60%
ADA $0.2836 +7.06%
DOT $1.38 +7.07%
DOGE $0.1015 +8.19%
SHIB $0.000007 +6.08%
LTC $55.61 +3.91%
TRX $0.2833 +2.09%
XLM $0.1699 +6.86%
XMR $354.91 +5.49%
ALGO $0.0978 +6.59%
VET $0.008418 +5.65%
HASH Banner
Home › HASH Desk › Yearn Finance hit...
HASH DESK

Yearn Finance hit by $9M exploit after Infinite mint attack

AI-Powered • Editor Verified
•
December 1, 2025
Yearn Finance hit by $9M exploit after Infinite mint attack

Decentralized finance protocol Yearn Finance has suffered a major security breach after attackers exploited a vulnerability in its yETH stableswap pool, leading to an estimated $9 million in losses. 

The incident occurred on November 30 at approximately 21:11 UTC and involved a custom version of the stableswap contract code used exclusively for the yETH pool. Yearn emphasized that its widely used V2 and V3 vaults remain unaffected.

According to early indicators shared by Yearn, the attacker was able to mint a massive amount of yETH tokens, effectively “nearly infinite” quantities, in a single transaction. This allowed the exploiter to drain liquidity rapidly from the affected pool. 

Initial assessments suggest losses of around $8 million from the yETH stableswap pool itself, with an additional $900,000 drained from the yETH–WETH pool on Curve Finance.

On-chain data shows the attacker quickly moved to launder part of the stolen assets. Roughly 1,000 ETH, valued at approximately $3 million, was funneled through Tornado Cash, making further tracking difficult. 

Blockchain security analysts noted that the exploit relied on manipulating the minting logic of the custom contract rather than targeting core Yearn infrastructure.

Yearn confirmed the breach publicly, stating on X, “We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected.” The team added that the impacted contract is separate from its flagship vault products and does not pose broader systemic risk to the protocol.

The yETH token aggregates multiple popular liquid staking tokens (LSTs), making it a key liquidity component in the protocol’s ecosystem. The sudden and nearly unlimited minting sharply deviated from normal behavior, allowing the attackers to drain the pool within minutes.

Yearn said it is conducting a full investigation and reiterated its commitment to security. The protocol highlighted its history of audits and robust vulnerability disclosure processes, noting that lessons from the incident will inform future safeguards.