Yearn Finance Suffers Exploit, $3M ETH Ends Up in Tornado Cash

Yearn Finances yETH pool was exploited through an infinite-mint flaw.

• The attacker drained real assets, pulling nearly $3 million in ETH.
• Roughly 1,000 ETH was funneled through Tornado Cash in batches.

An infinite-mint vulnerability in Yearn Finances yETH contract triggered a multi-million dollar liquidity drain Sunday, forcing the protocol to isolate the affected legacy pool. An attacker exploited the flaw to mint 235 trillion synthetic tokens, immediately swapping the worthless supply for real assets before routing funds to mixer Tornado Cash.

The ‘Infinite Mint’ Mechanics

The breach originated in the yETH contract, a liquid staking index designed to bundle assets like stETH and rETH. The attacker identified a dormant logic flaw allowing the uncollateralized minting of yETH.

The first and most immediate target was a Balancer liquidity pool that supported yETH. Once the inflated supply of tokens entered the pool, it allowed the exploiter to remove real ETH and liquid staking derivatives at scale, pulling value from a pool that previously held nearly $11 million. The initial figure shows that roughly $3 million worth of ETH was stolen almost instantly.

yETHs Role and the Source of the Weakness

The yETH product functions as a liquid staking index, designed to bring together popular ETH staking tokens such as stETH and rETH into a unified asset. However, the recent incident shows that older smart contract logic can still contain dormant weak spots.

Analysts tracking the exploit pointed out that this issue came from a minting flaw present in a previous version of the yETH implementation. With this loophole open, the attacker could create a massive amount of yETH without any collateral.

Once the pool lost its backing, the attacker began to break the stolen ETH into smaller parts. Around 1,000 ETH, equal to roughly $3 million, moved into Tornado Cash in progressive batches.

The crypto mixer obscures transaction paths, which makes following the trail difficult for on-chain investigators. Blockchain records confirm this process started moments after the exploit and continued in steady intervals.

Other assets taken during the attack still remain in wallets associated with the exploiter, with early assessments showing several million dollars in value yet to move.

Yearn Finance Responds and Assesses Damage

Yearn Finance announced that the exploit sits entirely within the yETH pool and does not touch its V2 or V3 Vaults. These vaults control significantly more capital, which prevented the incident from becoming a far more severe event. The protocol states that its core vaults remain fully protected and unaffected by the flaw.

We are investigating an incident involving the yETH LST stableswap pool.