Yearn Finance Hit by Major yETH Exploit Draining Millions in LST Tokens

Yield-farming protocol Yearn Finance is scrambling to assess the damage after its Yearn Ether (yETH) product suffered a sophisticated exploit that drained millions of dollars’ worth of liquid staking tokens (LSTs) in a single transaction. 

Blockchain data suggests the attacker minted an effectively unlimited supply of yETH, allowing them to drain the pool before routing a portion of the stolen funds to Tornado Cash.

The yETH vault is designed to aggregate a basket of popular LSTs — including stETH, rETH, and others — into a unified token. But sometime late Sunday, that mechanism was turned into a critical point of failure.

A Super-Mint Exploit Empties the Pool

According to blockchain traces, the attacker executed a series of transactions through newly deployed smart contracts, one of which enabled the minting of an “almost infinite” amount of yETH. With the artificial token supply in place, the attacker rapidly withdrew assets from the pool, draining its liquidity in moments.

Roughly 1,000 ETH — worth about $3 million at current prices — was quickly funneled into privacy mixer Tornado Cash. The full scope of the losses remains unclear, but the yETH pool held around $11 million in assets before the attack.

Independent investigator and X user Togbe, who first spotted the anomaly, said the movements resembled a super-mint function being triggered. 

“Net transfers suggest yETH super mint let the attacker drain the pool for some gain of 1k ETH,” Togbe told media. “Somehow other ETH was sacrificed in this, but they still made away with profit.”

Yearn Finance Responds

Yearn Finance acknowledged the incident shortly after the alarm was raised, posting on X:

“We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected.”

That distinction is crucial for users. Yearn’s vaults — which manage a much larger pool of ecosystem assets — appear untouched. Instead, the attacker specifically targeted the smart-contract infrastructure around the newer yETH product.

Still, the breach marks one of Yearn’s most serious security incidents since 2021, renewing scrutiny over the safety of complex yield strategies at a time when liquidity in DeFi markets remains thin.

A History of Strain for the Protocol

This is not the first time Yearn Finance has dealt with a high-profile exploit. In February 2021, its yDAI vault was drained in an attack that cost the protocol roughly $11 million, with the hacker walking away with nearly $3 million.

In December 2023, the protocol disclosed that a faulty script had wiped out 63% of one of its treasury positions. While no user funds were affected in that case, the episode sparked concern over Yearn’s internal operational safeguards.

Yearn’s early success was closely tied to its high-profile founder Andre Cronje, who launched the platform in 2020 but departed the project in 2022. Since then, the community-run protocol has continued to push new yield products and integrations, including the ill-fated yETH pool.

What Comes Next

With millions in LSTs now missing and the attacker’s trail partially obscured through Tornado Cash, investigators are racing to piece together how the exploit was carried out — and whether any funds can realistically be recovered.

Security researchers say the attack’s architecture suggests deep knowledge of Yearn’s contract system, raising the possibility of a complex vulnerability or economic design flaw rather than a traditional reentrancy or oracle-manipulation exploit.

As Yearn works to contain the fallout, the broader DeFi community is once again confronting the fragility of intricate yield-aggregation products — especially those handling tokenized staking derivatives that have become central to Ethereum’s post-Merge economy.

For now, Yearn users can only wait for the protocol’s full post-mortem. But the message is already clear: in DeFi, even the most battle-tested protocols remain only as secure as their most experimental products.

Author

  • Steven's passion for cryptocurrency and blockchain technology began in 2014, inspiring him to immerse himself in the field. He notably secured a top 5 world ranking in robotics. While he initially pursued a computer science degree at the University of Texas at Arlington, he chose to pause his studies after two semesters to take a more hands-on approach in advancing cryptocurrency technology. During this period, he actively worked on multiple patents related to cryptocurrency and blockchain. Additionally, Steven has explored various areas of the financial sector, including banking and financial markets, developing prototypes such as fully autonomous trading bots and intuitive interfaces that streamline blockchain integration, among other innovations.

Steven Walgenbach
