Yearn Finance Hit by Major yETH Exploit as Attacker Drains Funds

Yearn Finance confirmed an active exploit affecting its yETH product on Sunday, after an attacker minted an effectively unlimited amount of yETH and drained liquidity from Balancer pools. 

The incident triggered heavy on-chain movement, including multiple 100 ETH transfers routed through Tornado Cash. 

Infinite-Mint Attack Drains Liquidity From Balancer Pools

According to blockchain data, the exploit occurred around 21:11 UTC on November 30, when a malicious wallet executed an infinite-mint attack that created roughly 235 trillion yETH in a single transaction. 

Nansen’s alert system later confirmed the attack and identified the event as an infinite-mint vulnerability in the yETH token contract, not in Yearn’s Vault infrastructure.

The attacker used the newly minted yETH to drain real assets—primarily ETH and Liquid Staking Tokens (LSTs)—from Balancer liquidity pools. Early estimates suggest roughly $2.8 million in assets were removed. 

Around 1,000 ETH was laundered through Tornado Cash shortly after the attack. Several helper contracts used in the exploit were deployed minutes before the incident and self-destructed afterward to obscure the trail.

Yearn stated that V2 and V3 Vaults were not affected, and the vulnerability appears limited to the legacy yETH implementation. 

The protocol’s Total Value Locked (TVL) remains above $600 million, according to CoinGecko, suggesting core systems were not compromised. 

YFI Price Spikes as Market Reverses Initial Panic

However, the market reaction created an unexpected dynamic. Shortly after the exploit was flagged on social media and by blockchain analysts, YFI’s price spiked sharply, climbing from near $4,080 to over $4,160 within an hour. 

The move came despite the negative headlines surrounding the broader Yearn ecosystem.

The price reaction appears tied to market misinterpretation in the early minutes of the incident. Initial claims of a “Yearn exploit” prompted high-leverage short positions on YFI, given the token’s thin liquidity and historically aggressive downside moves during hack events. 

The attack was isolated to yETH and not Yearn’s Vaults, and short-sellers began covering their positions. This triggered a brief short squeeze and a volatility-driven price spike.

YFI’s circulating supply is only 33,984 tokens, making it one of the most illiquid major DeFi governance assets. This structure amplifies price movements, particularly during periods of uncertainty or rapid liquidation flow. Derivatives data also showed elevated funding volatility immediately after the exploit alert.

For now, losses appear contained to the yETH and Balancer pools touched by the exploit. Investigations remain ongoing, and it is unclear whether any recovery options exist for the stolen assets. 

Markets will likely watch for a formal Yearn disclosure detailing root cause, patching efforts, and potential governance actions.