Yearn Finance Loses $9M in Exploit Targeting yETH Pool, Investigation Ongoing

Fridah Kangai
December 2, 2025
10:49 am

Fridah Kangai

Fridah Kangai is a dedicated crypto journalist with a sharp eye for market trends, blockchain innovation, and digital asset movements. She specializes in breaking down complex topics into clear, engaging stories for both seasoned investors and curious newcomers. With a passion for decentralization and a pulse on the ever-evolving crypto space, Fridah delivers timely, accurate, and insightful coverage. Her work bridges the gap between technology and everyday understanding in the world of cryptocurrency.

Yearn Finance loses $9M in exploit targeting yETH liquidity pool.
Attacker moves $3M in ETH to Tornado Cash after exploit.
Investigation underway as Yearn focuses on securing affected systems.

Yearn Finance is facing significant financial losses following a major exploit that targeted its yETH product. The resulting attack that involved the minting of large quantities of the yETH lead to millions of dollars being drained in one transaction.

The analysis of blockchain by a skilled Togbe showed that the attacker used a sequence of freshly implemented smart contracts to commit the exploit. These contracts initially minted the yETH and a self-destructing mechanism after which it became challenging to detect and investigate earlier. According to the analysis of Togbe, the attacker could steal a lot of value and lose some ether in the process.

Later in the action, the offender sent 1000 ETH, which is approximately 3 million dollars, to the privacy system Tornado Cash. This move sounded alarms within the decentralized finance (DeFi) ecosystem, in particular because the yETH pool was worth $11 million before the exploit. Shortly after the breach, Yearn Finance proceeded to report that an investigation was ongoing.

At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. Yearn V2/V3 vaults are not at risk.
— yearn (@yearnfi) December 1, 2025

Also Read: Kalshi Faces Lawsuit Over Alleged Unlicensed Sports Betting and Market Manipulation

Loss Breakdown and Immediate Actions

According to Yearn Finance, the overall losses of the exploit were in the tune of $9 million. The disillusionment was that the primary stableswap pool lost $8 million and the yETH WETH pool on Curve drained $900,000. The attack did not affect any of the Vaults V2 and V3, according to Yearn Finance, yet only affected the yETH liquidity pools that were compromised.

The Yearn team is collaborating with the help of external security professionals, such as SEAL 911 and ChainSecurity, to trace the attacker and find out the source of the exploit. The platform pointed to the fact that the complexity of the exploit was comparable to the Balancer attack that happened recently and was also a complex contract interaction.

It is not the first time that Yearn Finance experienced security problems. Its yDAI vault was attacked in 2021, and it lost $11 million. In the first half of this year, an erroneous script deleted part of its treasury although the funds of the users were not compromised.

Yearn Finance is concerned with the process of safeguarding their systems and enforcement of a post-mortem analysis. The team has assured users that the breach was contained, and it is currently undertaking additional measures to ensure that occurrences of the same do not occur in the future.

Also Read: Dogecoin Price Outlook: Key Support and Resistance Levels Identified