Yearn Finance Probes yETH Vault Exploit Involving Potential $3M ETH Loss

The Yearn Finance yETH exploit resulted in a $3 million loss when an attacker exploited a smart contract vulnerability in the liquid-staking index token, allowing infinite minting and draining the pool in one transaction. The attack was isolated to the yETH vault, with other Yearn vaults remaining secure.

• Exploit details: A hacker targeted the yETH smart contract flaw to mint excessive tokens.
• Immediate response from Yearn Finance confirmed the isolation to the yETH pool only.
• Broader impact: Part of a trend where DeFi lost $127 million to hacks in November 2025, per blockchain security reports.

What is the Yearn Finance yETH Exploit？

The Yearn Finance yETH exploit involved an attacker draining approximately $3 million in ETH from the yETH vault through a vulnerability in its smart contract. This liquid-staking index token, designed to aggregate staking positions, allowed the hacker to mint an infinite supply of tokens in a single transaction, effectively emptying the pool. Yearn Finance quickly isolated the issue, confirming no impact on its V2 and V3 vaults.

How Did the Attacker Exploit the yETH Vulnerability？

The exploit targeted a flaw in the yETH smart contract that bundles multiple liquid staking tokens into a tradable index. Blockchain analysis revealed the attacker manipulated the minting mechanism, creating an overflow that permitted unlimited token issuance without sufficient backing. This led to the rapid withdrawal of funds, highlighting risks in complex DeFi indexing tools. Security experts, including those from blockchain monitoring firms, note that such vulnerabilities often stem from unhandled edge cases in contract logic, even in audited code. In this case, the attacker netted around 1,000 ETH after sacrificing some collateral, as observed in on-chain transactions. Yearns team is now reviewing the code with independent auditors to patch similar issues, emphasizing the need for ongoing vigilance in DeFi protocols.

Frequently Asked QuestionsWhat caused the Yearn Finance yETH exploit and how much was lost？

The Yearn Finance yETH exploit stemmed from a smart contract vulnerability enabling infinite token minting, resulting in a $3 million ETH drain from the vault. Yearn confirmed the losses are contained to this pool, with no user funds in other vaults affected, based on initial on-chain assessments.

Is Yearn Finance safe after the yETH hack？

Yes, Yearn Finance remains secure overall, as the yETH hack was isolated to one specific pool and did not compromise the core V2 or V3 vaults. The team is conducting a full audit and monitoring for any residual risks, reassuring users that standard operations continue uninterrupted.

Key Takeaways

• Isolation of the breach: The yETH exploit affected only the targeted vault, leaving Yearns main products intact and demonstrating effective compartmentalization in protocol design.
• Rising DeFi threats: With $127 million lost to hacks in November 2025, smart contract flaws remain the primary risk, underscoring the need for rigorous, repeated audits.
• Proactive response: Yearns transparent communication and collaboration with security experts set a model for handling exploits, helping to rebuild user trust swiftly.