- Yearn Finance’s yETH pool lost millions in a single hack, but V2 and V3 Vaults stayed safe.
- Hackers minted near-infinite yETH, profiting $3M, and used Tornado Cash to hide funds.
- YFI price spiked briefly after the exploit due to short-covering and low liquidity.
DeFi platform Yearn Finance faced a security breach on Monday, when its yETH product experienced unlimited token minting. The exploit drained the entire yETH pool in one transaction, raising alarm across the DeFi community.
Yearn confirmed the incident on Twitter, assuring users that its V2 and V3 Vaults remained secure and unaffected. The platform stated, “We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected.”
The attack generated a near-infinite number of yETH tokens, draining millions from Balancer pools. According to reports, attackers profited roughly 1,000 ETH, valued at $3 million, and routed it through the Tornado Cash mixer.
yETH represents an index token composed of various liquid staked Ethereum derivatives (LSTs). Analysts first flagged the exploit after noticing “heavy transactions” across LSTs, including Yearn, Rocket Pool, Origin, and Dinero.
Blockchain data indicates several newly deployed smart contracts were involved, which self-destructed after executing the transaction. The total financial impact remains uncertain, although the yETH pool held approximately $11 million before the hack.
Immediate Market Reaction and Broader Impact
Despite the breach, Yearn’s other Vaults remained unaffected. The incident recalls previous Yearn losses, such as the yDAI vault exploit, which drained $11 million. Meanwhile, the broader crypto sector continues to face security challenges.
CertiK’s monthly report notes that crypto lost $127 million to hacks and scams in November alone, with over $172 million affected before partial recoveries. Balancer’s cross-chain exploit, which lost over $116 million, ranks among the largest DeFi attacks of 2025. Consequently, these incidents put increased scrutiny on DeFi security measures and outdated smart contract use.
Interestingly, the yETH exploit triggered a brief surge in YFI price. The token rose from $4,080 to over $4,160 within an hour, fueled by short-covering after initial misinterpretation of the incident. Analysts attribute the spike to YFI’s thin liquidity and circulating supply of just 33,984 tokens. Elevated derivative funding volatility followed the alert, highlighting market sensitivity during rapid liquidation events.
For now, losses are limited to yETH and Balancer pools directly affected. Yearn has not confirmed any recovery options for stolen assets. Investigators continue analyzing the root cause and potential patches. Markets will watch closely for formal Yearn disclosures, including governance measures to prevent future exploits.
