Yearn Finance Hit by Major yETH Exploit as Attacker Drains Funds
Yearn Finance confirmed an energetic exploit affecting its yETH product on Sunday, after an attacker minted an successfully limitless quantity of yETH and drained liquidity from Balancer swimming pools.
The incident triggered heavy on-chain motion, together with a number of 100 ETH transfers routed by means of Tornado Cash.
Infinite-Mint Attack Drains Liquidity From Balancer Pools
According to blockchain knowledge, the exploit occurred round 21:11 UTC on November 30, when a malicious pockets executed an infinite-mint assault that created roughly 235 trillion yETH in a single transaction.
Nansen’s alert system later confirmed the assault and recognized the occasion as an infinite-mint vulnerability within the yETH token contract, not in Yearn’s Vault infrastructure.
The attacker used the newly minted yETH to empty actual property—primarily ETH and Liquid Staking Tokens (LSTs)—from Balancer liquidity swimming pools. Early estimates recommend roughly $2.8 million in property had been eliminated.
Around 1,000 ETH was laundered by means of Tornado Cash shortly after the assault. Several helper contracts used within the exploit had been deployed minutes earlier than the incident and self-destructed afterward to obscure the path.
Yearn said that V2 and V3 Vaults weren’t affected, and the vulnerability seems restricted to the legacy yETH implementation.
The protocol’s Total Value Locked (TVL) stays above $600 million, in accordance with CoinGecko, suggesting core techniques weren’t compromised.
YFI Price Spikes as Market Reverses Initial Panic
However, the market response created an sudden dynamic. Shortly after the exploit was flagged on social media and by blockchain analysts, YFI’s value spiked sharply, climbing from close to $4,080 to over $4,160 inside an hour.
The transfer got here regardless of the unfavourable headlines surrounding the broader Yearn ecosystem.
The value response seems tied to market misinterpretation within the early minutes of the incident. Initial claims of a “Yearn exploit” prompted high-leverage brief positions on YFI, given the token’s skinny liquidity and traditionally aggressive draw back strikes throughout hack occasions.
The assault was remoted to yETH and never Yearn’s Vaults, and short-sellers started masking their positions. This triggered a quick brief squeeze and a volatility-driven value spike.
YFI’s circulating provide is just 33,984 tokens, making it one of the crucial illiquid major DeFi governance assets. This construction amplifies value actions, notably during times of uncertainty or speedy liquidation movement. Derivatives knowledge additionally confirmed elevated funding volatility instantly after the exploit alert.
For now, losses seem contained to the yETH and Balancer swimming pools touched by the exploit. Investigations stay ongoing, and it’s unclear whether or not any restoration choices exist for the stolen property.
Markets will possible look ahead to a proper Yearn disclosure detailing root trigger, patching efforts, and potential governance actions.
The submit Yearn Finance Hit by Major yETH Exploit as Attacker Drains Funds appeared first on BeInCrypto.