The security incident on the Yearn Finance platform took place on November 30th at approximately 21:11 UTC. The core issue was in a custom contract that managed a stable-swap pool, separate from Yearn’s primary product offerings. An attacker exploited a critical weakness in this contract to mint a vast, nearly infinite quantity of illegitimate yETH tokens. This breach allowed the attacker to circumvent the system’s intended safeguards and gain unauthorized control.
Using the newly minted fake tokens, the exploiter then withdrew substantial amounts of real Ethereum (ETH) and various liquid staking assets from the affected pool. The vast majority of the funds, approximately $8 million, were drained from the main stable-swap pool, with an additional $0.9 million siphoned from the yETH-WETH pool on the Curve platform. The total financial damage caused by the security breach is estimated to be close to $9 million.
Following the successful execution of the exploit, the attacker immediately began the process of laundering a portion of the stolen funds. Blockchain analysis from security firm PeckShieldAlert confirmed that roughly 1,000 ETH, valued at $3 million, was quickly moved into Tornado Cash, a well-known mixer used to obfuscate the flow of digital assets. The substantial remaining balance, totaling around $6 million, continues to reside in the exploiter’s specific wallet address, which is identified as 0xa80d…c822.
The attacker’s wallet currently holds a diversified mix of assets, including standard ETH, pxETH, frxETH, cbETH, Lido stETH, and Rocket Pool rETH. Notably, most of these remaining stolen funds appear to be currently staked. This action is likely a strategic move intended to complicate potential recovery efforts or to delay any possible legal or technical actions aimed at freezing or reclaiming the assets. The staking action adds a layer of complexity to the trail of the digital funds.
The team at Yearn Finance responded swiftly to the breach, publicly confirming that the exploit was strictly isolated to the older, legacy yETH product. They have been keen to reassure their user base that all active vaults and the corresponding funds within those core products remain secure and unaffected by the incident. While Yearn is actively collaborating with specialized security teams and auditors to conduct a thorough investigation, a formal recovery plan or strategy for the lost funds has yet to be publicly communicated. In the immediate market reaction to the news, Yearn’s governance token, YFIUSDT, dropped by approximately 4.4% to trade near the $3956 level.