Yearn Finance has printed an in depth autopsy on final week’s yETH exploit, explaining how a numerical flaw in one in every of its older stableswap swimming pools let an attacker mint an nearly limitless quantity of LP tokens and steal about $9M in property.
The DeFi platform stated it has already recovered a part of the stolen funds.
Within the report, Yearn stated the assault hit the yETH weighted stableswap pool at block 23,914,086 on November 30, 2025.
DISCOVER: High 20 Crypto to Purchase in 2025
Which Yearn Merchandise Have been Affected and Which Stayed Protected?
The breach adopted what the staff described as “a fancy sequence of operations” that pushed the pool’s inner solver right into a divergent state after which triggered an arithmetic underflow.
Yearn famous that its v2 and v3 vaults, together with the remainder of its merchandise, “weren’t affected.” The impression stayed restricted to yETH and the techniques tied to it.
The attacker focused a customized stableswap pool that held a number of liquid staking tokens: apxETH, sfrxETH, wstETH, cbETH, rETH, ETHx, mETH, and wOETH, in addition to a yETH/WETH Curve pool.
In accordance with Yearn’s asset snapshot, the swimming pools held a mixture of LSTs and 298.35 WETH earlier than the exploit occurred.
Yearn’s autopsy breaks the assault into three clear steps.
Within the first stage, the attacker used a sequence of imbalanced add_liquidity deposits that pushed the pool’s fixed-point solver right into a state it wasn’t constructed to handle.
That transfer precipitated the interior product time period, Π, to fall to zero. As soon as that occurred, the weighted-stableswap invariant failed, permitting the attacker to mint way more yETH LP tokens than the worth they’d truly deposited.
With these inflated LP tokens in hand, the attacker moved to the subsequent section.
They repeatedly known as remove_liquidity and associated capabilities, pulling out nearly all the LST liquidity. A lot of the loss shifted onto protocol-owned liquidity contained in the staking contract.
DISCOVER: 9+ Greatest Excessive-Threat, Excessive-Reward Crypto to Purchase in 2025
What Funds Has Yearn Recovered So Far, And Who Will Obtain Them?
In accordance with Yearn, this sequence drove the pool’s inner provide to zero though ERC-20 balances nonetheless confirmed tokens within the contract.
Within the ultimate step, the attacker slipped right into a “bootstrap” initialization path that was solely meant for the pool’s first launch.
By sending a crafted dust-level configuration that broke a key area rule, they triggered an unsafe subtraction. That underflow created a large batch of latest yETH LP tokens and accomplished the exploit.
Yearn stated the underflow was so extreme that it created what the staff known as an “infinite-mint.” The attacker used this flaw to empty the yETH/ETH Curve pool.
The undertaking stated it has recovered 857.49 pxETH to date with assist from the Plume and Dinero groups. A restoration transaction befell on Dec. 1.
Yearn plans to return the recovered property to yETH depositors on a pro-rata foundation, utilizing balances from proper earlier than the exploit. Any additional recoveries, whether or not from cooperation by the attacker or from new tracing efforts, may also go to depositors. The timeline launched by Yearn exhibits {that a} warfare room was shaped about 20 minutes after the breach.
The SEAL 911 response group joined quickly after. Investigators say the attacker despatched 1,000 ETH to Twister Money later that evening, and moved the remaining funds by way of the mixer on Dec. 5.
Earlier reporting from The Block stated roughly $3M in ETH moved by way of Twister Money within the hours after the assault.
The autopsy additionally reminds customers that YIP-72 governs yETH. It factors to the product’s “Use at Personal Threat” clause, which states that Yearn contributors and YFI governance should not liable for masking losses.
The report says any recovered funds will return to affected customers.
DISCOVER: 15+ Upcoming Coinbase Listings to Watch in 2025
The submit All the things You Have to Know About Yearn Finance Exploit appeared first on 99Bitcoins.
