- Yearn Finance faces major exploit as attacker drains millions from yETH.
- Complex smart contract attack leaves protocol investigating severe liquidity loss.
- Blockchain traces show stolen ETH moved through Tornado Cash after breach.
Yearn Finance is facing renewed pressure after its yETH product suffered a major exploit that removed a significant portion of its assets. The incident unfolded as an attacker used a coordinated strategy to mint a near limitless amount of yETH and drain the pool in a single transaction.
According to on chain activity observed by analyst Togbe on X, the exploit involved a sequence of newly deployed smart contracts. These contracts executed the mint and later erased themselves, which complicated early investigation efforts. Togbe explained that net transfers indicated a super mint that enabled the attacker to remove value while sacrificing some ether in the process.
Moreover, blockchain data showed that the attacker moved 1,000 ETH worth about 3 million dollars to privacy protocol Tornado Cash after draining liquidity. This outflow raised immediate concerns across the DeFi space as the yETH pool previously held about 11 million dollars in value.
Yearn responded quickly and confirmed an active investigation through a statement on X. The team stressed that Yearn Vaults V2 and V3 remained untouched. Hence the damage was isolated to the yETH stableswap pool and related liquidity positions.
Also Read: Bitcoin’s $93K Level: The Decisive Factor That Could Make or Break the Bull Run
Yearn Confirms Extent Of Losses As Investigation Deepens
Yearn later announced that the platform had lost $9 million in total during the exploit. The breakdown included $8 million from the main stableswap pool and $0.9 million from the yETH WETH pool on Curve. This confirmation arrived late on Sunday as internal teams collaborated with SEAL 911 and ChainSecurity to trace the root cause.
Additionally, Yearn noted that the compromised codebase did not appear in any other active product. This update helped calm users who feared broader exposure across the protocol. Yet the team acknowledged that the attack displayed similar complexity to the recent Balancer incident which also involved multilayered contract interactions.
Yearn has experienced security challenges in previous years. Its yDAI vault suffered an incident in 2021 that resulted in an 11 million dollar loss. In another mishap during 2023, a faulty script erased a large portion of a treasury position although user funds remained safe.
Yearn is now focused on completing a detailed post mortem and securing affected systems. The platform aims to address vulnerabilities while reassuring users that the breach remains limited to the yETH liquidity pools.
Also Read: Crypto Bloodbath Deepens As Leading Cryptos Drop Hard And Mid Caps Take Spotlight
